WhatsApp has created its security advisory site to be more transparent towards fixing security issues
WhatsApp has created its new site to list all flaws under one roof
The messaging app has been in focus of hackers for quite some time
Facebook also announced its third-party vulnerability disclosure policy
WhatsApp has revealed six new vulnerabilities that were previously undisclosed and have now been fixed. The Facebook-owned company reported the vulnerabilities on its newly created security advisory webpage that will serve as a single destination to highlight all the security issues spotted and fixed on WhatsApp and reveal associated Common Vulnerabilities and Exposures (CVE). The new development by WhatsApp is aimed to help the technology community benefit from its latest security updates and be more transparent towards notifying users about the flaws and vulnerabilities fixed on the platform.
Of the six new vulnerabilities fixed by WhatsApp, four existed in WhatsApp for Android, with two being a part of its iPhone client, while the remaining two were specifically related to WhatsApp Desktop versions prior to v0.3.4932, as reported on the security advisory site. Two third of the new vulnerabilities were found internally — through code review or automated dynamic analysis — and one third were reported through the bug bounty programme conducted by Facebook.
WhatsApp will be able to continue the practice of revealing vulnerabilities through its newly created security advisory site. This will detail the security issues that the company isn't able to mention in the app release notes of the updates due to the policies and practices of app stores.
Thus, it makes sense for WhatsApp to have a dedicated security advisory site where it can list all the security issues under one roof. The arrival of the new site also suggests that the security team behind the world's most popular messaging app could focus more on identifying and patching flaws to resist past issues.
“We are very committed to transparency and this resource is intended to help the broader technology community benefit from the latest advances in our security efforts,” WhatsApp wrote on its security advisory site.
In addition to the new site, WhatsApp parent Facebook has announced its vulnerability disclosure policy that will allow the social media giant to publicly disclose the vulnerabilities it found in a third-party code after 21 days of its reporting.
“Facebook will contact the appropriate responsible party and inform them as quickly as reasonably possible of a security vulnerability we've found. We expect the third party to respond within 21 days to let us know how the issue is being mitigated to protect the impacted people. If we don't hear back within 21 days after reporting, Facebook reserves the right to disclose the vulnerability,” the company said in its advisory related to the new policy.
Companies including Google and Microsoft already have a similar mechanism in place for some time through which they report and disclose vulnerability in third-party offerings.
In 2020, will WhatsApp get the killer feature that every Indian is waiting for? We discussed this on Orbital, our weekly technology podcast, which you can subscribe to via Apple Podcasts or RSS, download the episode, or just hit the play button below.
Jagmeet Singh writes about consumer technology for Gadgets 360, out of New Delhi. Jagmeet is a principal correspondent for Gadgets 360, and has frequently written about apps, computer security, Internet services, and telecom developments. Jagmeet is available on Twitter at @JagmeetS13 or Email at email@example.com. Please send in your leads and tips.