Please see below our directory of GSMA member companies may also have their own vulnerability disclosure programmes. GSMA is not responsible for the vulnerability disclosure process of member companies. Please see guidance GSMA has put together about setting up a CVD programme.
The GSMA’s industry Coordinated Vulnerability Disclosure Programme considers vulnerabilities affecting open standards based technologies which are not proprietary to a specific vendor but that are used across, or have significant impact on, the mobile industry. GSMA also has it’s own disclosure process for vulnerabilities affecting GSMA assets or services.
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
A1 Responsible Disclosure
w: https://www.a1.net/responsible-disclosure
e: [email protected]
Verified: 10 July 2020
AT&T
w: https://hackerone.com/att
Verified: 10 July 2020
Blackberry
w: https://www.blackberry.com/us/en/services/blackberry-incident-response-team
e: [email protected]
Verified: 10 July 2020
BT
w: https://hackerone.com/bt
e: UK: [email protected] or Non-UK: [email protected]
Verified: 10 July 2020
Deutsche Telekom Bug Bounty program
w: http://telekom.com/bugbounty
e: [email protected]
Verified: 10 July 2020
Ericsson PSIRT
w: https://www.ericsson.com/en/about-us/enterprise-security/psirt
e: [email protected]
Verified: 10 July 2020
Hewlett Packard
w: https://www.hpe.com/h41268/live/index_e.aspx?qid=11503
e: [email protected]
Verified: 10 July 2020
HTC
w: https://www.htc.com/uk/terms/product-security/
e: [email protected]
Verified: 10 July 2020
Huawei CVD Programme
w: https://www.huawei.com/en/psirt/report-vulnerabilities
e: [email protected]
Verified: 10 July 2020
KPN N.V. CVD Programme
w: https://www.kpn.com/algemeen/missie-en-privacy-statement/security-vulnerability.htm
e: [email protected]
Verified: 10 July 2020
MTN Group
w: https://hackerone.com/mtn_group
Verified: 10 July 2020
NCSC UK
w: https://hackerone.com/ncsc_uk
Verified: 10 July 2020
Nokia Responsible Vulnerability Disclosure
w: https://www.nokia.com/responsible-disclosure/
e: [email protected]
Verified: 10 July 2020
Oracle
w: https://www.oracle.com/corporate/security-practices/assurance/vulnerability/reporting.html
e: [email protected]
Verified: 10 July 2020
Orange Group
w: https://cert.orange.com/
e: [email protected]
Verified: 10 July 2020
Palo Alto Networks
w: https://security.paloaltonetworks.com/Report
e: [email protected]
Verified: 10 July 2020
Proximus Group
w: https://www.proximus.com/investors/regulatory-information.html#title-4
e: [email protected]
Verified: 10 July 2020
Qualcomm
w: https://www.qualcomm.com/company/product-security/report-a-bug
e: [email protected]
Verified: 10 July 2020
Samsung Mobile
w: https://security.samsungmobile.com/securityReporting.smsb
e: [email protected]
Verified: 10 July 2020
Sierra Wireless
w: https://www.sierrawireless.com/company/security/report-an-issue/
e: [email protected]
Verified: 12 February 2021
Sky
w: https://www.sky.com/help/articles/responsible-disclosure
Verified: 10 July 2020
Sony
w: https://hackerone.com/sony
Verified: 10 July 2020
Swisscom Bug Bounty Program
w: https://www.swisscom.ch/en/about/company/portrait/network/security/bug-bounty.html
Verified: 10 July 2020
Tele2
w: https://www.tele2.nl/thuis/internet/veilig-internetten/stappenplan/
e: [email protected]
Verified: 10 July 2020
Telecom Italia Responsible Disclosure
w: https://www.telecomitalia.com/tit/en/footer/responsible-disclosure.html
e: [email protected]
Verified: 10 July 2020
Telefonica Germany
w: https://bugcrowd.com/telefonicavdp
Verified: 10 July 2020
Telefonica Group
w: https://www.telefonica.com/en/web/about_telefonica/privacy-centre/security
Verified: 10 July 2020
Telenet Group
w: https://www.intigriti.com/programs/telenet/telenet/detail
Verified: 10 July 2020
u-blox
w: https://www.u-blox.com/en/report-security-issues
e: [email protected]
Verified: 12 January 2021
Verizon Media
w: https://hackerone.com/verizonmedia
Verified: 10 July 2020
Vodafone Group
w: https://www.vodafone.com/report-a-vulnerability
e: [email protected]
Verified: 10 July 2020
Vodafone Netherlands
w: https://www.vodafone.nl/over-deze-website/privacy-en-disclaimer/report-security-leak.shtml
Verified: 10 July 2020
ZTE
w: https://www.zte.com.cn/global/cybersecurity/ztepsirt/bug-bounty
Verified: 12 May 2021
Contact us to add or amend your organisation’s details.