GSMA recognises the value and potential for coordinated vulnerability disclosure to facilitate the reporting and remediation of security vulnerabilities. It welcomes disclosures pertaining to its own product or service offerings and its technology assets, including those below.
Please note: Recognition in the Mobile Security Research Acknowledgements page is for identifying vulnerabilities which affect mobile industry standards and services, NOT for those pertaining to GSMA Assets listed below.
This is not a bug bounty programme, consequentially GSMA does not offer any rewards for submitted vulnerabilities of this type.
- GSMA Websites
- InfoCentre
- Device Database
- Device Check
- Device Map
- Pathfinder
- Event Systems and Services
- RAEX
- Pegged Exchange
We invite private individuals and organisations to report vulnerabilities identified in GSMA assets.
Please note:
This is not a bug bounty programme, consequentially GSMA does not offer any rewards for submitted vulnerabilities of this type.