GSMA Members’ Vulnerability Disclosure Programmes

GSMA member companies may also have their own vulnerability disclosure programmes; please see our directory below. GSMA is not responsible for the vulnerability disclosure process of member companies. Please see the guidance GSMA has put together about setting up a CVD programme.

The GSMA’s industry Coordinated Vulnerability Disclosure Programme considers vulnerabilities affecting open-standards-based technologies which are not proprietary to a specific vendor but that are used across, or have significant impact on, the mobile industry. GSMA also has its own disclosure process for vulnerabilities affecting GSMA assets or services.


A1 Responsible Disclosure
w: https://www.a1.net/responsible-disclosure
e: responsible-disclosure@a1.at
Verified: 10 July 2020

AT&T
w: https://hackerone.com/att
Verified: 10 July 2020

Blackberry
w: https://www.blackberry.com/us/en/services/blackberry-incident-response-team
e: secure@blackberry.com
Verified: 10 July 2020

BT
w: https://hackerone.com/bt
e: UK: security@bt.com or Non-UK: security@eu.bt.net
Verified: 10 July 2020

Deutsche Telekom Bug Bounty program
w: http://telekom.com/bugbounty
e: cert@telekom.de
Verified: 10 July 2020

Ericsson PSIRT
w: https://www.ericsson.com/en/about-us/enterprise-security/psirt
e: psirt@ericsson.com
Verified: 10 July 2020

Hewlett Packard
w: https://www.hpe.com/h41268/live/index_e.aspx?qid=11503
e: security@hpe.com
Verified: 10 July 2020

HTC
w: https://www.htc.com/uk/terms/product-security/
e: security@htc.com
Verified: 10 July 2020

Huawei CVD Programme
w: https://www.huawei.com/en/psirt/report-vulnerabilities
e: psirt@huawei.com
Verified: 10 July 2020

KPN N.V. CVD Programme
w: https://www.kpn.com/algemeen/missie-en-privacy-statement/security-vulnerability.htm
e: cert@kpn-cert.nl
Verified: 10 July 2020

MTN Group
w: https://hackerone.com/mtn_group
Verified: 10 July 2020

NCSC UK
w: https://hackerone.com/ncsc_uk
Verified: 10 July 2020

Nokia Responsible Vulnerability Disclosure
w: https://www.nokia.com/responsible-disclosure/
e: security-alert@nokia.com
Verified: 10 July 2020

Oracle
w: https://www.oracle.com/corporate/security-practices/assurance/vulnerability/reporting.html
e: secalert_us@oracle.com
Verified: 10 July 2020

Orange Group
w: https://cert.orange.com/
e: cert@orange.com
Verified: 10 July 2020

Palo Alto Networks
w: https://security.paloaltonetworks.com/Report
e: psirt@paloaltonetworks.com
Verified: 10 July 2020

Proximus Group
w: https://www.proximus.com/investors/regulatory-information.html#title-4
e: responsible.disclosure@proximus.com
Verified: 10 July 2020

Qualcomm
w: https://www.qualcomm.com/company/product-security/report-a-bug
e: product-security@qualcomm.com
Verified: 10 July 2020

Samsung Mobile
w: https://security.samsungmobile.com/securityReporting.smsb
e: mobile.security@samsung.com
Verified: 10 July 2020

Sierra Wireless
w: https://www.sierrawireless.com/company/security/report-an-issue/
e: security@sierrawireless.com
Verified: 12 February 2021

Sky
w: https://www.sky.com/help/articles/responsible-disclosure
Verified: 10 July 2020

Sony
w: https://hackerone.com/sony
Verified: 10 July 2020

Swisscom Bug Bounty Program
w: https://www.swisscom.ch/en/about/company/portrait/network/security/bug-bounty.html
Verified: 10 July 2020

Tele2
w: https://www.tele2.nl/thuis/internet/veilig-internetten/stappenplan/
e: cert@t-mobile.nl
Verified: 10 July 2020

Telecom Italia Responsible Disclosure
w: https://www.telecomitalia.com/tit/en/footer/responsible-disclosure.html
e: responsible-disclosure@telecomitalia.it
Verified: 10 July 2020

Telefonica Germany
w: https://bugcrowd.com/telefonicavdp
Verified: 10 July 2020

Telefonica Group
w: https://www.telefonica.com/en/web/about_telefonica/privacy-centre/security
Verified: 10 July 2020

Telenet Group
w: https://www.intigriti.com/programs/telenet/telenet/detail
Verified: 10 July 2020

u-blox
w: https://www.u-blox.com/en/report-security-issues
e: security@u-blox.com
Verified: 12 January 2021

Verizon Media
w: https://hackerone.com/verizonmedia
Verified: 10 July 2020

Vodafone Group
w: https://www.vodafone.com/report-a-vulnerability
e: responsible.disclosure@vodafone.com
Verified: 10 July 2020

Vodafone Netherlands
w: https://www.vodafone.nl/over-deze-website/privacy-en-disclaimer/report-security-leak.shtml
Verified: 10 July 2020

ZTE
w: https://www.zte.com.cn/global/cybersecurity/ztepsirt/bug-bounty
Verified: 12 May 2021

Contact us to add or amend your organisation’s details.

cvd@gsma.com