GSMA Members' Vulnerability Disclosure Programmes

Please see below our directory of GSMA member companies may also have their own vulnerability disclosure programmes. GSMA is not responsible for the vulnerability disclosure process of member companies. Please see guidance GSMA has put together about setting up a CVD programme.

The GSMA’s industry Coordinated Vulnerability Disclosure Programme considers vulnerabilities affecting open standards based technologies which are not proprietary to a specific vendor but that are used across, or have significant impact on, the mobile industry. GSMA also has it’s own disclosure process for vulnerabilities affecting GSMA assets or services.

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

A1 Responsible Disclosure
w: https://www.a1.net/responsible-disclosure
e: [email protected]
Verified: 10 July 2020

AT&T
w: https://hackerone.com/att
Verified: 10 July 2020

Blackberry
w: https://www.blackberry.com/us/en/services/blackberry-incident-response-team
e: [email protected]
Verified: 10 July 2020

BT
w: https://hackerone.com/bt
e: UK: [email protected] or Non-UK: [email protected]
Verified: 10 July 2020

Deutsche Telekom Bug Bounty program
w: http://telekom.com/bugbounty
e: [email protected]
Verified: 10 July 2020

Ericsson PSIRT
w: https://www.ericsson.com/en/about-us/enterprise-security/psirt
e: [email protected]
Verified: 10 July 2020

Hewlett Packard
w: https://www.hpe.com/h41268/live/index_e.aspx?qid=11503
e: [email protected]
Verified: 10 July 2020

HTC
w: https://www.htc.com/uk/terms/product-security/
e: [email protected]
Verified: 10 July 2020

Huawei CVD Programme
w: https://www.huawei.com/en/psirt/report-vulnerabilities
e: [email protected]
Verified: 10 July 2020

KPN N.V. CVD Programme
w: https://www.kpn.com/algemeen/missie-en-privacy-statement/security-vulnerability.htm
e: [email protected]
Verified: 10 July 2020

MTN Group
w: https://hackerone.com/mtn_group
Verified: 10 July 2020

NCSC UK
w: https://hackerone.com/ncsc_uk
Verified: 10 July 2020

Nokia Responsible Vulnerability Disclosure
w: https://www.nokia.com/responsible-disclosure/
e: [email protected]
Verified: 10 July 2020

Oracle
w: https://www.oracle.com/corporate/security-practices/assurance/vulnerability/reporting.html
e: [email protected]
Verified: 10 July 2020

Orange Group
w: https://cert.orange.com/
e: [email protected]
Verified: 10 July 2020

Palo Alto Networks
w: https://security.paloaltonetworks.com/Report
e: [email protected]
Verified: 10 July 2020

Proximus Group
w: https://www.proximus.com/investors/regulatory-information.html#title-4
e: [email protected]
Verified: 10 July 2020

Qualcomm
w: https://www.qualcomm.com/company/product-security/report-a-bug
e: [email protected]
Verified: 10 July 2020

Samsung Mobile
w: https://security.samsungmobile.com/securityReporting.smsb
e: [email protected]
Verified: 10 July 2020

Sierra Wireless
w: https://www.sierrawireless.com/company/security/report-an-issue/
e: [email protected]
Verified: 12 February 2021

Sky
w: https://www.sky.com/help/articles/responsible-disclosure
Verified: 10 July 2020

Sony
w: https://hackerone.com/sony
Verified: 10 July 2020

Swisscom Bug Bounty Program
w: https://www.swisscom.ch/en/about/company/portrait/network/security/bug-bounty.html
Verified: 10 July 2020

Tele2
w: https://www.tele2.nl/thuis/internet/veilig-internetten/stappenplan/
e: [email protected]
Verified: 10 July 2020

Telecom Italia Responsible Disclosure
w: https://www.telecomitalia.com/tit/en/footer/responsible-disclosure.html
e: [email protected]
Verified: 10 July 2020

Telefonica Germany
w: https://bugcrowd.com/telefonicavdp
Verified: 10 July 2020

Telefonica Group
w: https://www.telefonica.com/en/web/about_telefonica/privacy-centre/security
Verified: 10 July 2020

Telenet Group
w: https://www.intigriti.com/programs/telenet/telenet/detail
Verified: 10 July 2020

u-blox
w: https://www.u-blox.com/en/report-security-issues
e: [email protected]
Verified: 12 January 2021

Verizon Media
w: https://hackerone.com/verizonmedia
Verified: 10 July 2020

Vodafone Group
w: https://www.vodafone.com/report-a-vulnerability
e: [email protected]
Verified: 10 July 2020

Vodafone Netherlands
w: https://www.vodafone.nl/over-deze-website/privacy-en-disclaimer/report-security-leak.shtml
Verified: 10 July 2020

ZTE
w: https://www.zte.com.cn/global/cybersecurity/ztepsirt/bug-bounty
Verified: 12 May 2021

Contact us to add or amend your organisation’s details.

[email protected]