Coordinated Vulnerability Disclosure (CVD) of security vulnerabilities is a well-established process which allows people or groups, such as security researchers, to report details of security vulnerabilities in products and services. The GSMA CVD programme provides a framework that sets clear expectations for constructive engagement by all parties to remediate or mitigate notified vulnerabilities.
The early disclosure of vulnerabilities can help to protect end users, allowing manufacturers and providers of products and services to address security issues before public disclosures are made.
The GSMA operates a programme for CVD (“CVD Programme”) to better protect mobile industry systems, mobile users and the wider industry ecosystem. The GSMA’s CVD Programme does not consider vulnerabilities affecting an individual manufacturer or operator, but deals with security vulnerabilities that impact the mobile industry as a whole. This means that vulnerabilities that are not specific to a single manufacturer can be reported, and remediation options can be considered and actioned.