If you have any questions about WhatsApp’s security policies, all your answers will now be available at one place. The instant messaging platform has now introduced an advisory page where it will give a “comprehensive list” of “security updates and associated Common Vulnerabilities and Exposures (CVE)”.  

COMMERCIAL BREAK
SCROLL TO CONTINUE READING

While the messaging platform does list these vulnerabilities on MITRE, Cert-in and other similar code libraries across the world, its own list will come with more context on the bugs and its fixes. 

“The details included in CVE descriptions are meant to help researchers understand technical scenarios and does not imply users were impacted in this manner,” a note from WhatsApp said, suggesting that a lot of the bugs, though reported, don’t impact users. 

“WhatsApp also relies on numerous code libraries developed by third parties for various features and we will annotate security updates for these libraries so other developers can make necessary updates,” it said, adding how it was their “policy to notify developers and providers of mobile operating systems about security issues that WhatsApp may identify”. 

“We are very committed to transparency and this resource is intended to help the broader technology community benefit from the latest advances in our security efforts. We strongly encourage all users to ensure they keep their WhatsApp up-to-date from their respective app stores and update their mobile operating systems whenever updates are available,” the note said. 

The page has already gone live and will be updated on a regular basis. Many other large tech organisations like Microsoft too list the vulnerabilities that have found or have been brought to their notice.