Please see below our directory of GSMA member companies may also have their own vulnerability disclosure programmes. GSMA is not responsible for the vulnerability disclosure process of member companies. Please see guidance GSMA has put together about setting up a CVD programme.
The GSMA’s industry Coordinated Vulnerability Disclosure Programme considers vulnerabilities affecting open standards based technologies which are not proprietary to a specific vendor but that are used across, or have significant impact on, the mobile industry. GSMA also has it’s own disclosure process for vulnerabilities affecting GSMA assets or services.
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
A1 Responsible Disclosure
w: https://www.a1.net/responsible-disclosure
e: responsible-disclosure@a1.at
Verified: 10 July 2020
AT&T
w: https://hackerone.com/att
Verified: 10 July 2020
Blackberry
w: https://www.blackberry.com/us/en/services/blackberry-incident-response-team
e: secure@blackberry.com
Verified: 10 July 2020
BT
w: https://hackerone.com/bt
e: UK: security@bt.com or Non-UK: security@eu.bt.net
Verified: 10 July 2020
Deutsche Telekom Bug Bounty program
w: http://telekom.com/bugbounty
e: cert@telekom.de
Verified: 10 July 2020
Ericsson PSIRT
w: https://www.ericsson.com/en/about-us/enterprise-security/psirt
e: psirt@ericsson.com
Verified: 10 July 2020
Hewlett Packard
w: https://www.hpe.com/h41268/live/index_e.aspx?qid=11503
e: security@hpe.com
Verified: 10 July 2020
HTC
w: https://www.htc.com/uk/terms/product-security/
e: security@htc.com
Verified: 10 July 2020
Huawei CVD Programme
w: https://www.huawei.com/en/psirt/report-vulnerabilities
e: psirt@huawei.com
Verified: 10 July 2020
KPN N.V. CVD Programme
w: https://www.kpn.com/algemeen/missie-en-privacy-statement/security-vulnerability.htm
e: cert@kpn-cert.nl
Verified: 10 July 2020
MTN Group
w: https://hackerone.com/mtn_group
Verified: 10 July 2020
NCSC UK
w: https://hackerone.com/ncsc_uk
Verified: 10 July 2020
Nokia Responsible Vulnerability Disclosure
w: https://www.nokia.com/responsible-disclosure/
e: security-alert@nokia.com
Verified: 10 July 2020
Oracle
w: https://www.oracle.com/corporate/security-practices/assurance/vulnerability/reporting.html
e: secalert_us@oracle.com
Verified: 10 July 2020
Orange Group
w: https://cert.orange.com/
e: cert@orange.com
Verified: 10 July 2020
Palo Alto Networks
w: https://security.paloaltonetworks.com/Report
e: psirt@paloaltonetworks.com
Verified: 10 July 2020
Proximus Group
w: https://www.proximus.com/investors/regulatory-information.html#title-4
e: responsible.disclosure@proximus.com
Verified: 10 July 2020
Qualcomm
w: https://www.qualcomm.com/company/product-security/report-a-bug
e: product-security@qualcomm.com
Verified: 10 July 2020
Samsung Mobile
w: https://security.samsungmobile.com/securityReporting.smsb
e: mobile.security@samsung.com
Verified: 10 July 2020
Sierra Wireless
w: https://www.sierrawireless.com/company/security/report-an-issue/
e: security@sierrawireless.com
Verified: 12 February 2021
Sky
w: https://www.sky.com/help/articles/responsible-disclosure
Verified: 10 July 2020
Sony
w: https://hackerone.com/sony
Verified: 10 July 2020
Swisscom Bug Bounty Program
w: https://www.swisscom.ch/en/about/company/portrait/network/security/bug-bounty.html
Verified: 10 July 2020
Tele2
w: https://www.tele2.nl/thuis/internet/veilig-internetten/stappenplan/
e: cert@t-mobile.nl
Verified: 10 July 2020
Telecom Italia Responsible Disclosure
w: https://www.telecomitalia.com/tit/en/footer/responsible-disclosure.html
e: responsible-disclosure@telecomitalia.it
Verified: 10 July 2020
Telefonica Germany
w: https://bugcrowd.com/telefonicavdp
Verified: 10 July 2020
Telefonica Group
w: https://www.telefonica.com/en/web/about_telefonica/privacy-centre/security
Verified: 10 July 2020
Telenet Group
w: https://www.intigriti.com/programs/telenet/telenet/detail
Verified: 10 July 2020
u-blox
w: https://www.u-blox.com/en/report-security-issues
e: security@u-blox.com
Verified: 12 January 2021
Verizon Media
w: https://hackerone.com/verizonmedia
Verified: 10 July 2020
Vodafone Group
w: https://www.vodafone.com/report-a-vulnerability
e: responsible.disclosure@vodafone.com
Verified: 10 July 2020
Vodafone Netherlands
w: https://www.vodafone.nl/over-deze-website/privacy-en-disclaimer/report-security-leak.shtml
Verified: 10 July 2020
ZTE
w: https://www.zte.com.cn/global/cybersecurity/ztepsirt/bug-bounty
Verified: 12 May 2021
Contact us to add or amend your organisation’s details.