GSMA recognises the value and potential for coordinated vulnerability disclosure to facilitate the reporting and remediation of security vulnerabilities. It welcomes disclosures pertaining to its own product or service offerings and its technology assets, including:
- GSMA Websites
- Device Database
- Device Check
- Device Map
- Event Systems and Services
- Pegged Exchange
We invite private individuals and organisations to report vulnerabilities identified in GSMA assets
Please note: Recognition in the Mobile Security Hall of Fame is for identifying vulnerabilities which affect mobile industry standards and services, not for those pertaining to GSMA Assets.
This is not a bug bounty programme, consequentially GSMA does not offer any rewards for submitted vulnerabilities of this type.