Applying to join the CVD Panel of Experts

Applications to join the GSMA Coordinated Vulnerability Disclosure (CVD) Panel of Experts will re-open in Q1 2021. We welcome applications from security professionals from GSMA Members, Associate Members and Rapporteurs who can analyse vulnerabilities disclosed to us and help formulate the GSMA’s response. We are keen to have a spread of geographic and technical specialism represented.

Find out more about the CVD Programme.

Further information on the Panel of Experts

The Panel of Experts (PoE) is the group of subject matter experts from GSMA Members, Associate Members and Rapporteurs who assess and consider options for remediation of vulnerabilities submitted to GSMA. PoE activities include technical analysis, assessing the impact of submission, suggesting remediation options and contributing to advisories relating to the vulnerability. The also review the GSMA CVD Programme.

The GSMA CVD scope is security vulnerabilities that impact the mobile industry, primarily open standards based technologies. We therefore work with a broad cross-section of the industry to consider and develop remediations for vulnerabilities which are submitted to us.

Benefits for individuals joining the Panel of Experts include:

  • gaining professional fulfilment from supporting the whole mobile industry
  • the opportunity to consider and develop remediating and mitigating actions for interesting and varied mobile security vulnerabilities
  • insight to coordinated vulnerability disclosure

Individuals wishing to apply to join the panel of experts need to be able to commit to support the industry programme, read and understand how the GSMA CVD Programme works and in particular the role of the Panel of Experts in this, and have the backing of their employer to allow them to take part. Successful applicants are required to join a training e-meeting before taking part in discussions about CVD submissions. Full information can be found in the GSMA permanent reference document FS.23 about GSMA CVD.

Alongside a general security mind-set, we look for applicants to the PoE to have experience in one or several of:

  • Transport/transmission security
  • Radio access network (RAN) security
  • Signalling protocol security
  • Core network technology security
  • Device security
  • UICC/eUICC security
  • Cryptography
  • Internet of Things (IoT) security
  • Roaming and interworking security
  • Cloud and virtualisation security
  • Billing and financial system security
  • Protocol analysis/security