Recognising the value and potential for coordinated vulnerability disclosure to facilitate the reporting and remediation of security vulnerabilities, GSMA welcomes disclosures pertaining to its own product or service offerings and its technology assets, including the following
- GSMA Websites
- Device Database
- Device Check
- Device Map
- Event Systems and Services
- Pegged Exchange
We invite private individuals and organisations to report vulnerabilities identified in GSMA assets to firstname.lastname@example.org.
Please note that recognition in the Mobile Security Hall of Fame is for identified vulnerabilities which affect mobile industry standards and services, not for those pertaining to GSMA Assets.
This is not a bug bounty programme, consequentially GSMA does not offer rewards for submitted vulnerabilities of this type.