P14. Addressing security vulnerabilities

The company should address XXXX glossary-securityvulnerability XXXX when they are discovered.

Digital platforms
 
100%0%
100
Verizon Media
83
Microsoft
67
Facebook
67
Tencent
67
Yandex
65
Amazon
58
Mail.Ru
50
Twitter
36
Alibaba
35
Google
33
Baidu
28
Apple
22
Samsung
17
Kakao
Telecommunications companies
 
100%0%
75
MTN
50
Vodafone
25
AT&T
25
Orange
25
Telefónica
8
Deutsche Telekom
4
Telenor
0
América Móvil
0
Axiata
0
Bharti Airtel
0
Etisalat
0
Ooredoo
Select companies:
All companies
Sort:
Alphabetically
25%

AT&T

P14. Addressing security vulnerabilities
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

AT&T (Prepaid mobile)
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

AT&T (Prepaid mobile)
No
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

AT&T (Prepaid mobile)
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

AT&T (Prepaid mobile)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

AT&T (Prepaid mobile)
No Disclosure
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

AT&T (Prepaid mobile)
No Disclosure
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

AT&T (Prepaid mobile)
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

AT&T (Prepaid mobile)
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

AT&T (Prepaid mobile)
No Disclosure
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

AT&T (Prepaid mobile)
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

AT&T (Prepaid mobile)
NA
Average17
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

AT&T (Postpaid mobile)
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

AT&T (Postpaid mobile)
No
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

AT&T (Postpaid mobile)
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

AT&T (Postpaid mobile)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

AT&T (Postpaid mobile)
No Disclosure
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

AT&T (Postpaid mobile)
No Disclosure
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

AT&T (Postpaid mobile)
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

AT&T (Postpaid mobile)
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

AT&T (Postpaid mobile)
No Disclosure
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

AT&T (Postpaid mobile)
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

AT&T (Postpaid mobile)
NA
Average17
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

AT&T (Fixed-line broadband)
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

AT&T (Fixed-line broadband)
No
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

AT&T (Fixed-line broadband)
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

AT&T (Fixed-line broadband)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

AT&T (Fixed-line broadband)
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

AT&T (Fixed-line broadband)
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

AT&T (Fixed-line broadband)
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

AT&T (Fixed-line broadband)
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

AT&T (Fixed-line broadband)
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

AT&T (Fixed-line broadband)
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

AT&T (Fixed-line broadband)
NA
Average33
36%

Alibaba

P14. Addressing security vulnerabilities
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Taobao.com
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Taobao.com
Partial
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Taobao.com
No
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Taobao.com
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Taobao.com
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Taobao.com
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Taobao.com
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Taobao.com
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Taobao.com
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Taobao.com
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Taobao.com
NA
Average50
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

AliGenie
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

AliGenie
Partial
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

AliGenie
No
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

AliGenie
Partial
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

AliGenie
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

AliGenie
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

AliGenie
No Disclosure
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

AliGenie
No Disclosure
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

AliGenie
No Disclosure
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

AliGenie
No Disclosure
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

AliGenie
No Disclosure
Average22
65%

Amazon

P14. Addressing security vulnerabilities
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Amazon.com
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Amazon.com
Partial
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Amazon.com
Yes
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Amazon.com
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Amazon.com
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Amazon.com
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Amazon.com
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Amazon.com
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Amazon.com
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Amazon.com
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Amazon.com
NA
Average83
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Alexa
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Alexa
Partial
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Alexa
Yes
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Alexa
No Disclosure
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Alexa
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Alexa
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Alexa
No Disclosure
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Alexa
No Disclosure
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Alexa
No Disclosure
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Alexa
No Disclosure
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Alexa
No Disclosure
Average28
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Amazon Drive
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Amazon Drive
Partial
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Amazon Drive
Yes
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Amazon Drive
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Amazon Drive
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Amazon Drive
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Amazon Drive
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Amazon Drive
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Amazon Drive
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Amazon Drive
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Amazon Drive
NA
Average83
0%

América Móvil

P14. Addressing security vulnerabilities
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Telcel (Prepaid mobile)
No Disclosure
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Telcel (Prepaid mobile)
No Disclosure
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Telcel (Prepaid mobile)
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Telcel (Prepaid mobile)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Telcel (Prepaid mobile)
No Disclosure
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Telcel (Prepaid mobile)
No Disclosure
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Telcel (Prepaid mobile)
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Telcel (Prepaid mobile)
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Telcel (Prepaid mobile)
No Disclosure
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Telcel (Prepaid mobile)
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Telcel (Prepaid mobile)
NA
AverageNA
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Telcel (Postpaid mobile)
No Disclosure
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Telcel (Postpaid mobile)
No Disclosure
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Telcel (Postpaid mobile)
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Telcel (Postpaid mobile)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Telcel (Postpaid mobile)
No Disclosure
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Telcel (Postpaid mobile)
No Disclosure
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Telcel (Postpaid mobile)
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Telcel (Postpaid mobile)
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Telcel (Postpaid mobile)
No Disclosure
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Telcel (Postpaid mobile)
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Telcel (Postpaid mobile)
NA
AverageNA
28%

Apple

P14. Addressing security vulnerabilities
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

iOS
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

iOS
No Disclosure
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

iOS
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

iOS
No Disclosure
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

iOS
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

iOS
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

iOS
No Disclosure
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

iOS
No Disclosure
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

iOS
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

iOS
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

iOS
NA
Average17
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

iMessage
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

iMessage
No Disclosure
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

iMessage
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

iMessage
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

iMessage
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

iMessage
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

iMessage
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

iMessage
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

iMessage
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

iMessage
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

iMessage
NA
Average33
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

iCloud
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

iCloud
No Disclosure
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

iCloud
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

iCloud
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

iCloud
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

iCloud
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

iCloud
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

iCloud
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

iCloud
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

iCloud
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

iCloud
NA
Average33
0%

Axiata

P14. Addressing security vulnerabilities
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Celcom (Prepaid mobile)
No Disclosure
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Celcom (Prepaid mobile)
No Disclosure
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Celcom (Prepaid mobile)
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Celcom (Prepaid mobile)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Celcom (Prepaid mobile)
No Disclosure
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Celcom (Prepaid mobile)
No Disclosure
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Celcom (Prepaid mobile)
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Celcom (Prepaid mobile)
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Celcom (Prepaid mobile)
No Disclosure
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Celcom (Prepaid mobile)
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Celcom (Prepaid mobile)
NA
AverageNA
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Celcom (Postpaid mobile)
No Disclosure
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Celcom (Postpaid mobile)
No Disclosure
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Celcom (Postpaid mobile)
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Celcom (Postpaid mobile)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Celcom (Postpaid mobile)
No Disclosure
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Celcom (Postpaid mobile)
No Disclosure
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Celcom (Postpaid mobile)
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Celcom (Postpaid mobile)
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Celcom (Postpaid mobile)
No Disclosure
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Celcom (Postpaid mobile)
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Celcom (Postpaid mobile)
NA
AverageNA
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Celcom (Fixed-line broadband)
No Disclosure
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Celcom (Fixed-line broadband)
No Disclosure
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Celcom (Fixed-line broadband)
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Celcom (Fixed-line broadband)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Celcom (Fixed-line broadband)
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Celcom (Fixed-line broadband)
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Celcom (Fixed-line broadband)
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Celcom (Fixed-line broadband)
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Celcom (Fixed-line broadband)
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Celcom (Fixed-line broadband)
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Celcom (Fixed-line broadband)
NA
AverageNA
33%

Baidu

P14. Addressing security vulnerabilities
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Baidu Search
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Baidu Search
No Disclosure
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Baidu Search
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Baidu Search
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Baidu Search
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Baidu Search
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Baidu Search
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Baidu Search
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Baidu Search
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Baidu Search
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Baidu Search
NA
Average33
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Baidu Cloud
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Baidu Cloud
No Disclosure
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Baidu Cloud
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Baidu Cloud
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Baidu Cloud
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Baidu Cloud
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Baidu Cloud
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Baidu Cloud
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Baidu Cloud
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Baidu Cloud
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Baidu Cloud
NA
Average33
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Baidu PostBar
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Baidu PostBar
No Disclosure
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Baidu PostBar
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Baidu PostBar
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Baidu PostBar
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Baidu PostBar
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Baidu PostBar
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Baidu PostBar
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Baidu PostBar
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Baidu PostBar
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Baidu PostBar
NA
Average33
0%

Bharti Airtel

P14. Addressing security vulnerabilities
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Airtel India (Prepaid mobile)
No Disclosure
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Airtel India (Prepaid mobile)
No Disclosure
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Airtel India (Prepaid mobile)
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Airtel India (Prepaid mobile)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Airtel India (Prepaid mobile)
No Disclosure
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Airtel India (Prepaid mobile)
No Disclosure
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Airtel India (Prepaid mobile)
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Airtel India (Prepaid mobile)
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Airtel India (Prepaid mobile)
No Disclosure
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Airtel India (Prepaid mobile)
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Airtel India (Prepaid mobile)
NA
AverageNA
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Airtel India (Postpaid mobile)
No Disclosure
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Airtel India (Postpaid mobile)
No Disclosure
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Airtel India (Postpaid mobile)
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Airtel India (Postpaid mobile)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Airtel India (Postpaid mobile)
No Disclosure
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Airtel India (Postpaid mobile)
No Disclosure
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Airtel India (Postpaid mobile)
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Airtel India (Postpaid mobile)
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Airtel India (Postpaid mobile)
No Disclosure
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Airtel India (Postpaid mobile)
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Airtel India (Postpaid mobile)
NA
AverageNA
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Airtel India (Fixed-line broadband)
No Disclosure
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Airtel India (Fixed-line broadband)
No Disclosure
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Airtel India (Fixed-line broadband)
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Airtel India (Fixed-line broadband)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Airtel India (Fixed-line broadband)
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Airtel India (Fixed-line broadband)
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Airtel India (Fixed-line broadband)
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Airtel India (Fixed-line broadband)
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Airtel India (Fixed-line broadband)
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Airtel India (Fixed-line broadband)
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Airtel India (Fixed-line broadband)
NA
AverageNA
8%

Deutsche Telekom

P14. Addressing security vulnerabilities
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Deutsche Telekom (Prepaid mobile)
Partial
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Deutsche Telekom (Prepaid mobile)
No Disclosure
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Deutsche Telekom (Prepaid mobile)
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Deutsche Telekom (Prepaid mobile)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Deutsche Telekom (Prepaid mobile)
No Disclosure
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Deutsche Telekom (Prepaid mobile)
No Disclosure
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Deutsche Telekom (Prepaid mobile)
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Deutsche Telekom (Prepaid mobile)
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Deutsche Telekom (Prepaid mobile)
No Disclosure
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Deutsche Telekom (Prepaid mobile)
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Deutsche Telekom (Prepaid mobile)
NA
Average8
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Deutsche Telekom (Postpaid mobile)
Partial
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Deutsche Telekom (Postpaid mobile)
No Disclosure
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Deutsche Telekom (Postpaid mobile)
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Deutsche Telekom (Postpaid mobile)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Deutsche Telekom (Postpaid mobile)
No Disclosure
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Deutsche Telekom (Postpaid mobile)
No Disclosure
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Deutsche Telekom (Postpaid mobile)
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Deutsche Telekom (Postpaid mobile)
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Deutsche Telekom (Postpaid mobile)
No Disclosure
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Deutsche Telekom (Postpaid mobile)
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Deutsche Telekom (Postpaid mobile)
NA
Average8
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Deutsche Telekom (Fixed-line broadband)
Partial
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Deutsche Telekom (Fixed-line broadband)
No Disclosure
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Deutsche Telekom (Fixed-line broadband)
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Deutsche Telekom (Fixed-line broadband)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Deutsche Telekom (Fixed-line broadband)
No Disclosure
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Deutsche Telekom (Fixed-line broadband)
No Disclosure
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Deutsche Telekom (Fixed-line broadband)
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Deutsche Telekom (Fixed-line broadband)
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Deutsche Telekom (Fixed-line broadband)
No Disclosure
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Deutsche Telekom (Fixed-line broadband)
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Deutsche Telekom (Fixed-line broadband)
NA
Average8
0%

Etisalat

P14. Addressing security vulnerabilities
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Etisalat UAE (Prepaid mobile)
No Disclosure
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Etisalat UAE (Prepaid mobile)
No Disclosure
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Etisalat UAE (Prepaid mobile)
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Etisalat UAE (Prepaid mobile)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Etisalat UAE (Prepaid mobile)
No Disclosure
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Etisalat UAE (Prepaid mobile)
No Disclosure
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Etisalat UAE (Prepaid mobile)
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Etisalat UAE (Prepaid mobile)
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Etisalat UAE (Prepaid mobile)
No Disclosure
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Etisalat UAE (Prepaid mobile)
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Etisalat UAE (Prepaid mobile)
NA
AverageNA
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Etisalat UAE (Postpaid mobile)
No Disclosure
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Etisalat UAE (Postpaid mobile)
No Disclosure
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Etisalat UAE (Postpaid mobile)
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Etisalat UAE (Postpaid mobile)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Etisalat UAE (Postpaid mobile)
No Disclosure
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Etisalat UAE (Postpaid mobile)
No Disclosure
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Etisalat UAE (Postpaid mobile)
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Etisalat UAE (Postpaid mobile)
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Etisalat UAE (Postpaid mobile)
No Disclosure
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Etisalat UAE (Postpaid mobile)
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Etisalat UAE (Postpaid mobile)
NA
AverageNA
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Etisalat UAE (Fixed-line broadband)
No Disclosure
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Etisalat UAE (Fixed-line broadband)
No Disclosure
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Etisalat UAE (Fixed-line broadband)
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Etisalat UAE (Fixed-line broadband)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Etisalat UAE (Fixed-line broadband)
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Etisalat UAE (Fixed-line broadband)
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Etisalat UAE (Fixed-line broadband)
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Etisalat UAE (Fixed-line broadband)
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Etisalat UAE (Fixed-line broadband)
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Etisalat UAE (Fixed-line broadband)
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Etisalat UAE (Fixed-line broadband)
NA
AverageNA
67%

Facebook

P14. Addressing security vulnerabilities
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Facebook
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Facebook
No Disclosure
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Facebook
Yes
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Facebook
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Facebook
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Facebook
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Facebook
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Facebook
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Facebook
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Facebook
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Facebook
NA
Average67
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Instagram
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Instagram
No Disclosure
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Instagram
Yes
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Instagram
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Instagram
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Instagram
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Instagram
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Instagram
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Instagram
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Instagram
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Instagram
NA
Average67
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

WhatsApp
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

WhatsApp
No Disclosure
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

WhatsApp
Yes
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

WhatsApp
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

WhatsApp
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

WhatsApp
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

WhatsApp
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

WhatsApp
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

WhatsApp
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

WhatsApp
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

WhatsApp
NA
Average67
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Messenger
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Messenger
No Disclosure
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Messenger
Yes
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Messenger
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Messenger
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Messenger
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Messenger
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Messenger
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Messenger
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Messenger
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Messenger
NA
Average67
35%

Google

P14. Addressing security vulnerabilities
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Google Search
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Google Search
No Disclosure
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Google Search
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Google Search
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Google Search
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Google Search
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Google Search
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Google Search
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Google Search
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Google Search
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Google Search
NA
Average33
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Gmail
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Gmail
No Disclosure
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Gmail
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Gmail
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Gmail
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Gmail
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Gmail
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Gmail
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Gmail
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Gmail
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Gmail
NA
Average33
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

YouTube
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

YouTube
No Disclosure
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

YouTube
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

YouTube
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

YouTube
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

YouTube
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

YouTube
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

YouTube
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

YouTube
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

YouTube
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

YouTube
NA
Average33
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Android mobile ecosystem
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Android mobile ecosystem
Partial
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Android mobile ecosystem
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Android mobile ecosystem
No Disclosure
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Android mobile ecosystem
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Android mobile ecosystem
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Android mobile ecosystem
Yes
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Android mobile ecosystem
No
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Android mobile ecosystem
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Android mobile ecosystem
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Android mobile ecosystem
NA
Average42
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Google Drive
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Google Drive
No Disclosure
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Google Drive
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Google Drive
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Google Drive
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Google Drive
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Google Drive
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Google Drive
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Google Drive
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Google Drive
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Google Drive
NA
Average33
17%

Kakao

P14. Addressing security vulnerabilities
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Daum Search
Partial
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Daum Search
No Disclosure
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Daum Search
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Daum Search
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Daum Search
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Daum Search
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Daum Search
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Daum Search
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Daum Search
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Daum Search
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Daum Search
NA
Average17
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Daum Mail
Partial
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Daum Mail
No Disclosure
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Daum Mail
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Daum Mail
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Daum Mail
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Daum Mail
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Daum Mail
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Daum Mail
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Daum Mail
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Daum Mail
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Daum Mail
NA
Average17
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

KakaoTalk
Partial
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

KakaoTalk
No Disclosure
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

KakaoTalk
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

KakaoTalk
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

KakaoTalk
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

KakaoTalk
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

KakaoTalk
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

KakaoTalk
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

KakaoTalk
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

KakaoTalk
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

KakaoTalk
NA
Average17
75%

MTN

P14. Addressing security vulnerabilities
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

MTN South Africa (Prepaid mobile)
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

MTN South Africa (Prepaid mobile)
Yes
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

MTN South Africa (Prepaid mobile)
Yes
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

MTN South Africa (Prepaid mobile)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

MTN South Africa (Prepaid mobile)
No Disclosure
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

MTN South Africa (Prepaid mobile)
No Disclosure
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

MTN South Africa (Prepaid mobile)
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

MTN South Africa (Prepaid mobile)
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

MTN South Africa (Prepaid mobile)
No Disclosure
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

MTN South Africa (Prepaid mobile)
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

MTN South Africa (Prepaid mobile)
NA
Average50
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

MTN South Africa (Postpaid mobile)
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

MTN South Africa (Postpaid mobile)
Yes
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

MTN South Africa (Postpaid mobile)
Yes
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

MTN South Africa (Postpaid mobile)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

MTN South Africa (Postpaid mobile)
No Disclosure
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

MTN South Africa (Postpaid mobile)
No Disclosure
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

MTN South Africa (Postpaid mobile)
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

MTN South Africa (Postpaid mobile)
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

MTN South Africa (Postpaid mobile)
No Disclosure
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

MTN South Africa (Postpaid mobile)
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

MTN South Africa (Postpaid mobile)
NA
Average50
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

MTN South Africa (Fixed-line broadband)
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

MTN South Africa (Fixed-line broadband)
Yes
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

MTN South Africa (Fixed-line broadband)
Yes
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

MTN South Africa (Fixed-line broadband)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

MTN South Africa (Fixed-line broadband)
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

MTN South Africa (Fixed-line broadband)
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

MTN South Africa (Fixed-line broadband)
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

MTN South Africa (Fixed-line broadband)
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

MTN South Africa (Fixed-line broadband)
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

MTN South Africa (Fixed-line broadband)
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

MTN South Africa (Fixed-line broadband)
NA
Average100
58%

Mail.Ru

P14. Addressing security vulnerabilities
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

VK
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

VK
No Disclosure
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

VK
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

VK
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

VK
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

VK
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

VK
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

VK
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

VK
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

VK
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

VK
NA
Average33
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Mail.Ru email
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Mail.Ru email
Yes
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Mail.Ru email
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Mail.Ru email
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Mail.Ru email
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Mail.Ru email
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Mail.Ru email
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Mail.Ru email
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Mail.Ru email
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Mail.Ru email
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Mail.Ru email
NA
Average67
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Mail.Ru Agent
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Mail.Ru Agent
Yes
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Mail.Ru Agent
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Mail.Ru Agent
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Mail.Ru Agent
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Mail.Ru Agent
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Mail.Ru Agent
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Mail.Ru Agent
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Mail.Ru Agent
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Mail.Ru Agent
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Mail.Ru Agent
NA
Average67
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Mail.Ru Cloud Solutions
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Mail.Ru Cloud Solutions
Yes
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Mail.Ru Cloud Solutions
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Mail.Ru Cloud Solutions
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Mail.Ru Cloud Solutions
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Mail.Ru Cloud Solutions
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Mail.Ru Cloud Solutions
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Mail.Ru Cloud Solutions
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Mail.Ru Cloud Solutions
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Mail.Ru Cloud Solutions
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Mail.Ru Cloud Solutions
NA
Average67
83%

Microsoft

P14. Addressing security vulnerabilities
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Bing
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Bing
Partial
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Bing
Yes
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Bing
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Bing
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Bing
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Bing
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Bing
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Bing
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Bing
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Bing
NA
Average83
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Outlook.com
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Outlook.com
Partial
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Outlook.com
Yes
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Outlook.com
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Outlook.com
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Outlook.com
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Outlook.com
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Outlook.com
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Outlook.com
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Outlook.com
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Outlook.com
NA
Average83
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Skype
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Skype
Partial
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Skype
Yes
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Skype
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Skype
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Skype
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Skype
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Skype
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Skype
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Skype
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Skype
NA
Average83
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

OneDrive
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

OneDrive
Partial
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

OneDrive
Yes
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

OneDrive
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

OneDrive
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

OneDrive
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

OneDrive
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

OneDrive
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

OneDrive
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

OneDrive
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

OneDrive
NA
Average83
0%

Ooredoo

P14. Addressing security vulnerabilities
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Ooredoo Qatar (Prepaid mobile)
No Disclosure
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Ooredoo Qatar (Prepaid mobile)
No Disclosure
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Ooredoo Qatar (Prepaid mobile)
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Ooredoo Qatar (Prepaid mobile)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Ooredoo Qatar (Prepaid mobile)
No Disclosure
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Ooredoo Qatar (Prepaid mobile)
No Disclosure
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Ooredoo Qatar (Prepaid mobile)
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Ooredoo Qatar (Prepaid mobile)
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Ooredoo Qatar (Prepaid mobile)
No Disclosure
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Ooredoo Qatar (Prepaid mobile)
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Ooredoo Qatar (Prepaid mobile)
NA
AverageNA
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Ooredoo Qatar (Postpaid mobile)
No Disclosure
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Ooredoo Qatar (Postpaid mobile)
No Disclosure
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Ooredoo Qatar (Postpaid mobile)
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Ooredoo Qatar (Postpaid mobile)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Ooredoo Qatar (Postpaid mobile)
No Disclosure
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Ooredoo Qatar (Postpaid mobile)
No Disclosure
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Ooredoo Qatar (Postpaid mobile)
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Ooredoo Qatar (Postpaid mobile)
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Ooredoo Qatar (Postpaid mobile)
No Disclosure
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Ooredoo Qatar (Postpaid mobile)
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Ooredoo Qatar (Postpaid mobile)
NA
AverageNA
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Ooredoo Qatar (Fixed-line broadband)
No Disclosure
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Ooredoo Qatar (Fixed-line broadband)
No Disclosure
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Ooredoo Qatar (Fixed-line broadband)
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Ooredoo Qatar (Fixed-line broadband)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Ooredoo Qatar (Fixed-line broadband)
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Ooredoo Qatar (Fixed-line broadband)
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Ooredoo Qatar (Fixed-line broadband)
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Ooredoo Qatar (Fixed-line broadband)
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Ooredoo Qatar (Fixed-line broadband)
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Ooredoo Qatar (Fixed-line broadband)
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Ooredoo Qatar (Fixed-line broadband)
NA
AverageNA
25%

Orange

P14. Addressing security vulnerabilities
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Orange France (Prepaid mobile)
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Orange France (Prepaid mobile)
No Disclosure
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Orange France (Prepaid mobile)
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Orange France (Prepaid mobile)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Orange France (Prepaid mobile)
No Disclosure
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Orange France (Prepaid mobile)
No Disclosure
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Orange France (Prepaid mobile)
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Orange France (Prepaid mobile)
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Orange France (Prepaid mobile)
No Disclosure
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Orange France (Prepaid mobile)
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Orange France (Prepaid mobile)
NA
Average17
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Orange France (Postpaid mobile)
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Orange France (Postpaid mobile)
No Disclosure
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Orange France (Postpaid mobile)
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Orange France (Postpaid mobile)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Orange France (Postpaid mobile)
No Disclosure
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Orange France (Postpaid mobile)
No Disclosure
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Orange France (Postpaid mobile)
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Orange France (Postpaid mobile)
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Orange France (Postpaid mobile)
No Disclosure
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Orange France (Postpaid mobile)
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Orange France (Postpaid mobile)
NA
Average17
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Orange France (Fixed-line broadband)
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Orange France (Fixed-line broadband)
No Disclosure
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Orange France (Fixed-line broadband)
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Orange France (Fixed-line broadband)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Orange France (Fixed-line broadband)
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Orange France (Fixed-line broadband)
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Orange France (Fixed-line broadband)
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Orange France (Fixed-line broadband)
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Orange France (Fixed-line broadband)
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Orange France (Fixed-line broadband)
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Orange France (Fixed-line broadband)
NA
Average33
22%

Samsung

P14. Addressing security vulnerabilities
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Samsung implementation of Android
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Samsung implementation of Android
Yes
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Samsung implementation of Android
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Samsung implementation of Android
Yes
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Samsung implementation of Android
No Disclosure
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Samsung implementation of Android
Yes
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Samsung implementation of Android
No Disclosure
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Samsung implementation of Android
No Disclosure
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Samsung implementation of Android
No Disclosure
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Samsung implementation of Android
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Samsung implementation of Android
NA
Average44
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Samsung Cloud
No
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Samsung Cloud
No
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Samsung Cloud
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Samsung Cloud
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Samsung Cloud
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Samsung Cloud
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Samsung Cloud
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Samsung Cloud
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Samsung Cloud
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Samsung Cloud
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Samsung Cloud
NA
AverageNA
25%

Telefónica

P14. Addressing security vulnerabilities
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Movistar (Prepaid mobile)
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Movistar (Prepaid mobile)
No Disclosure
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Movistar (Prepaid mobile)
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Movistar (Prepaid mobile)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Movistar (Prepaid mobile)
No Disclosure
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Movistar (Prepaid mobile)
No Disclosure
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Movistar (Prepaid mobile)
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Movistar (Prepaid mobile)
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Movistar (Prepaid mobile)
No Disclosure
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Movistar (Prepaid mobile)
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Movistar (Prepaid mobile)
NA
Average17
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Movistar (Postpaid mobile)
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Movistar (Postpaid mobile)
No Disclosure
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Movistar (Postpaid mobile)
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Movistar (Postpaid mobile)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Movistar (Postpaid mobile)
No Disclosure
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Movistar (Postpaid mobile)
No Disclosure
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Movistar (Postpaid mobile)
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Movistar (Postpaid mobile)
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Movistar (Postpaid mobile)
No Disclosure
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Movistar (Postpaid mobile)
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Movistar (Postpaid mobile)
NA
Average17
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Movistar (Fixed-line broadband)
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Movistar (Fixed-line broadband)
No Disclosure
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Movistar (Fixed-line broadband)
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Movistar (Fixed-line broadband)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Movistar (Fixed-line broadband)
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Movistar (Fixed-line broadband)
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Movistar (Fixed-line broadband)
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Movistar (Fixed-line broadband)
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Movistar (Fixed-line broadband)
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Movistar (Fixed-line broadband)
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Movistar (Fixed-line broadband)
NA
Average33
4%

Telenor

P14. Addressing security vulnerabilities
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Telenor (Prepaid mobile)
No Disclosure
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Telenor (Prepaid mobile)
No Disclosure
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Telenor (Prepaid mobile)
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Telenor (Prepaid mobile)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Telenor (Prepaid mobile)
Partial
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Telenor (Prepaid mobile)
No Disclosure
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Telenor (Prepaid mobile)
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Telenor (Prepaid mobile)
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Telenor (Prepaid mobile)
No Disclosure
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Telenor (Prepaid mobile)
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Telenor (Prepaid mobile)
NA
Average8
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Telenor (Postpaid mobile)
No Disclosure
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Telenor (Postpaid mobile)
No Disclosure
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Telenor (Postpaid mobile)
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Telenor (Postpaid mobile)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Telenor (Postpaid mobile)
Partial
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Telenor (Postpaid mobile)
No Disclosure
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Telenor (Postpaid mobile)
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Telenor (Postpaid mobile)
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Telenor (Postpaid mobile)
No Disclosure
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Telenor (Postpaid mobile)
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Telenor (Postpaid mobile)
NA
Average8
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Telenor (Fixed-line broadband)
No Disclosure
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Telenor (Fixed-line broadband)
No Disclosure
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Telenor (Fixed-line broadband)
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Telenor (Fixed-line broadband)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Telenor (Fixed-line broadband)
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Telenor (Fixed-line broadband)
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Telenor (Fixed-line broadband)
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Telenor (Fixed-line broadband)
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Telenor (Fixed-line broadband)
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Telenor (Fixed-line broadband)
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Telenor (Fixed-line broadband)
NA
AverageNA
67%

Tencent

P14. Addressing security vulnerabilities
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

QZone
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

QZone
Yes
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

QZone
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

QZone
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

QZone
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

QZone
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

QZone
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

QZone
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

QZone
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

QZone
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

QZone
NA
Average67
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

QQ
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

QQ
Yes
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

QQ
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

QQ
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

QQ
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

QQ
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

QQ
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

QQ
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

QQ
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

QQ
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

QQ
NA
Average67
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

WeChat
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

WeChat
Yes
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

WeChat
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

WeChat
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

WeChat
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

WeChat
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

WeChat
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

WeChat
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

WeChat
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

WeChat
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

WeChat
NA
Average67
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Tencent Cloud
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Tencent Cloud
Yes
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Tencent Cloud
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Tencent Cloud
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Tencent Cloud
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Tencent Cloud
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Tencent Cloud
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Tencent Cloud
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Tencent Cloud
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Tencent Cloud
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Tencent Cloud
NA
Average67
50%

Twitter

P14. Addressing security vulnerabilities
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Twitter
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Twitter
Partial
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Twitter
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Twitter
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Twitter
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Twitter
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Twitter
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Twitter
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Twitter
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Twitter
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Twitter
NA
Average50
100%

Verizon Media

P14. Addressing security vulnerabilities
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Yahoo Mail
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Yahoo Mail
Yes
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Yahoo Mail
Yes
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Yahoo Mail
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Yahoo Mail
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Yahoo Mail
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Yahoo Mail
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Yahoo Mail
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Yahoo Mail
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Yahoo Mail
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Yahoo Mail
NA
Average100
50%

Vodafone

P14. Addressing security vulnerabilities
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Vodafone UK (Prepaid mobile)
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Vodafone UK (Prepaid mobile)
Yes
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Vodafone UK (Prepaid mobile)
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Vodafone UK (Prepaid mobile)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Vodafone UK (Prepaid mobile)
No Disclosure
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Vodafone UK (Prepaid mobile)
No Disclosure
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Vodafone UK (Prepaid mobile)
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Vodafone UK (Prepaid mobile)
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Vodafone UK (Prepaid mobile)
No Disclosure
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Vodafone UK (Prepaid mobile)
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Vodafone UK (Prepaid mobile)
NA
Average33
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Vodafone UK (Postpaid mobile)
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Vodafone UK (Postpaid mobile)
Yes
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Vodafone UK (Postpaid mobile)
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Vodafone UK (Postpaid mobile)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Vodafone UK (Postpaid mobile)
No Disclosure
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Vodafone UK (Postpaid mobile)
No Disclosure
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Vodafone UK (Postpaid mobile)
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Vodafone UK (Postpaid mobile)
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Vodafone UK (Postpaid mobile)
No Disclosure
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Vodafone UK (Postpaid mobile)
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Vodafone UK (Postpaid mobile)
NA
Average33
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Vodafone UK (Fixed-line broadband)
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Vodafone UK (Fixed-line broadband)
Yes
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Vodafone UK (Fixed-line broadband)
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Vodafone UK (Fixed-line broadband)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Vodafone UK (Fixed-line broadband)
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Vodafone UK (Fixed-line broadband)
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Vodafone UK (Fixed-line broadband)
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Vodafone UK (Fixed-line broadband)
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Vodafone UK (Fixed-line broadband)
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Vodafone UK (Fixed-line broadband)
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Vodafone UK (Fixed-line broadband)
NA
Average67
67%

Yandex

P14. Addressing security vulnerabilities
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Yandex Mail
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Yandex Mail
Yes
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Yandex Mail
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Yandex Mail
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Yandex Mail
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Yandex Mail
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Yandex Mail
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Yandex Mail
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Yandex Mail
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Yandex Mail
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Yandex Mail
NA
Average67
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Yandex Search
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Yandex Search
Yes
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Yandex Search
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Yandex Search
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Yandex Search
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Yandex Search
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Yandex Search
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Yandex Search
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Yandex Search
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Yandex Search
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Yandex Search
NA
Average67
1.

Does the company XXXX glossary-clearlydisclose XXXX that it has a mechanism through which XXXX glossary-securityresearcher XXXX can submit XXXX glossary-securityvulnerability XXXX they discover?

Yandex Disk
Yes
2.

Does the company XXXX glossary-clearlydisclose XXXX the timeframe in which it will review reports of XXXX glossary-securityvulnerability XXXX?

Yandex Disk
Yes
3.

Does the company commit not to pursue legal action against XXXX glossary-securityresearcher XXXX who report XXXX glossary-securityvulnerability XXXX within the terms of the company's reporting mechanism?

Yandex Disk
No Disclosure
4.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX that XXXX glossary-softwareupdate XXXX, security XXXX glossary-patch XXXX, add-ons, or extensions are downloaded over an XXXX glossary-encryption XXXX channel?

Yandex Disk
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, XXXX glossary-modifications XXXX it has made to a XXXX glossary-os XXXX?

Yandex Disk
NA
6.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send XXXX glossary-securityupdate XXXX to users?

Yandex Disk
NA
7.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company XXXX glossary-clearlydisclose XXXX the date through which it will continue to provide XXXX glossary-securityupdate XXXX for the XXXX glossary-device XXXX?

Yandex Disk
NA
8.

(For mobile ecosystems and XXXX glossary-personaldig XXXX) Does the company commit to provide XXXX glossary-securityupdate XXXX for the operating system and other critical software for a minimum of five years after release?

Yandex Disk
NA
9.

(For mobile ecosystems, XXXX glossary-personaldig XXXX, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security XXXX glossary-patch XXXX within one month of a XXXX glossary-securityvulnerability XXXX being announced to the public?

Yandex Disk
NA
10.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, modifications it has made to a personal digital assistant operating system?

Yandex Disk
NA
11.

(For XXXX glossary-personaldig XXXX): Does the company XXXX glossary-clearlydisclose XXXX what, if any, effect such modifications have on the company's ability to send security updates to users?

Yandex Disk
NA
Average67