Thursday 4th June 2026
The GSMA Coordinated Vulnerability Disclosure (CVD) Annual Meeting 2026 brought together experts from across the mobile ecosystem to review progress, share perspectives, and explore how the industry can continue to strengthen coordinated vulnerability handling. The meeting provided an opportunity to reflect on the programme’s development over the past year while identifying priorities for the future in an increasingly complex security landscape.
Reviewing progress and programme maturity
A key focus of the meeting was the continued evolution of the GSMA CVD programme and the growing maturity of its processes. Participants reviewed progress made since the previous annual meeting, including how submissions are handled, how the programme continues to adapt to changing demands, and how feedback from the research community can help improve responsiveness and transparency. These discussions reinforced the importance of maintaining a trusted, efficient, and collaborative disclosure environment for the mobile sector.
Navigating a changing legal and policy landscape
The meeting also examined how the broader legal and regulatory environment is shaping vulnerability research and disclosure practices. As governments, regulators, and industry bodies continue to refine expectations around cybersecurity, participants discussed the value of clear frameworks that support responsible research, encourage constructive engagement, and help organisations respond effectively to disclosed issues. This remains especially important in sectors such as telecommunications, where security, trust, and resilience are critical.
Building expertise across the mobile security community
Another important theme was the need to continue broadening the range of expertise that supports coordinated vulnerability disclosure in the mobile ecosystem. Discussions highlighted the value of diverse technical perspectives, strong industry participation, and ongoing outreach to researchers and stakeholders. By strengthening collaboration across operators, vendors, researchers, and standards bodies, the programme can remain well positioned to address emerging security challenges.
Exploring the role of AI in vulnerability disclosure
Participants also explored how artificial intelligence may influence the future of vulnerability handling, both in terms of the types of submissions programmes may receive and the ways internal processes could evolve. The discussion reflected a shared interest in understanding how AI can support efficiency and consistency while maintaining appropriate oversight, quality, and trust. As security workflows continue to evolve, these conversations will play an important role in shaping practical and responsible approaches.
Looking ahead
The 2026 GSMA CVD Annual Meeting highlighted the continued importance of openness, cooperation, and shared responsibility in strengthening mobile security. As the threat landscape evolves, effective vulnerability disclosure depends on trusted relationships between researchers and industry, clear processes, and a willingness to adapt. The discussions held during the meeting underscored a collective commitment to improving the resilience of the mobile ecosystem and supporting responsible security research across the sector.
Get Involved
There are multiple ways to participate in the GSMA CVD Programme—whether you’re a security researcher looking to report a vulnerability or a GSMA member interested in joining our Panel of Experts.
- For Security Researchers
We welcome vulnerability submissions from both individuals and organisations. If you have identified a security issue affecting the mobile ecosystem, you are encouraged to report it responsibly in line with the scope of our programme. Detailed guidance on how to submit a vulnerability can be found here. - For GSMA Member Experts
If you are a mobile telecommunications security professional working for a GSMA member organisation, you are invited to apply for a position on the CVD Panel of Experts. The next scheduled recruitment round is planned for late 2026, though occasional ad-hoc opportunities may arise. You can register your interest here.
For any questions about the programme or to express interest in joining the panel, please contact us at cvd@gsma.com.