P14. Addressing security vulnerabilities

The company should address security vulnerabilities when they are discovered.

 
100%0%
75
MTN
25
Airtel
25
AT&T
25
Orange
25
Telefónica
25
Vodafone
13
Deutsche Telekom
4
Telenor
0
América Móvil
0
Axiata
0
Etisalat
0
Ooredoo
Select companies:
Select companies
Sort
Alphabetically
25%

AT&T

P14. Addressing security vulnerabilities
1.

Does the company clearly disclose that it has a mechanism through which security researchers can submit vulnerabilities they discover?

AT&T (Prepaid mobile)
Yes
2.

Does the company clearly disclose the timeframe in which it will review reports of vulnerabilities?

AT&T (Prepaid mobile)
No
3.

Does the company commit not to pursue legal action against researchers who report vulnerabilities within the terms of the company's reporting mechanism?

AT&T (Prepaid mobile)
No Disclosure
4.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose that software updates, security patches, add-ons, or extensions are downloaded over an encrypted channel?

AT&T (Prepaid mobile)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company clearly disclose what, if any, modifications it has made to a mobile operating system?

AT&T (Prepaid mobile)
No Disclosure
6.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

AT&T (Prepaid mobile)
No Disclosure
7.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose the date through which it will continue to provide security updates for the device/OS?

AT&T (Prepaid mobile)
NA
8.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company commit to provide security updates for the operating system and other critical software for a minimum of five years after release?

AT&T (Prepaid mobile)
NA
9.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security patches within one month of a vulnerability being announced to the public?

AT&T (Prepaid mobile)
No Disclosure
10.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, modifications it has made to a personal digital assistant operating system?

AT&T (Prepaid mobile)
NA
11.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

AT&T (Prepaid mobile)
NA
Average17
1.

Does the company clearly disclose that it has a mechanism through which security researchers can submit vulnerabilities they discover?

AT&T (Postpaid mobile)
Yes
2.

Does the company clearly disclose the timeframe in which it will review reports of vulnerabilities?

AT&T (Postpaid mobile)
No
3.

Does the company commit not to pursue legal action against researchers who report vulnerabilities within the terms of the company's reporting mechanism?

AT&T (Postpaid mobile)
No Disclosure
4.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose that software updates, security patches, add-ons, or extensions are downloaded over an encrypted channel?

AT&T (Postpaid mobile)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company clearly disclose what, if any, modifications it has made to a mobile operating system?

AT&T (Postpaid mobile)
No Disclosure
6.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

AT&T (Postpaid mobile)
No Disclosure
7.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose the date through which it will continue to provide security updates for the device/OS?

AT&T (Postpaid mobile)
NA
8.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company commit to provide security updates for the operating system and other critical software for a minimum of five years after release?

AT&T (Postpaid mobile)
NA
9.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security patches within one month of a vulnerability being announced to the public?

AT&T (Postpaid mobile)
No Disclosure
10.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, modifications it has made to a personal digital assistant operating system?

AT&T (Postpaid mobile)
NA
11.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

AT&T (Postpaid mobile)
NA
Average17
1.

Does the company clearly disclose that it has a mechanism through which security researchers can submit vulnerabilities they discover?

AT&T (Fixed-line broadband)
Yes
2.

Does the company clearly disclose the timeframe in which it will review reports of vulnerabilities?

AT&T (Fixed-line broadband)
No
3.

Does the company commit not to pursue legal action against researchers who report vulnerabilities within the terms of the company's reporting mechanism?

AT&T (Fixed-line broadband)
No Disclosure
4.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose that software updates, security patches, add-ons, or extensions are downloaded over an encrypted channel?

AT&T (Fixed-line broadband)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company clearly disclose what, if any, modifications it has made to a mobile operating system?

AT&T (Fixed-line broadband)
NA
6.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

AT&T (Fixed-line broadband)
NA
7.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose the date through which it will continue to provide security updates for the device/OS?

AT&T (Fixed-line broadband)
NA
8.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company commit to provide security updates for the operating system and other critical software for a minimum of five years after release?

AT&T (Fixed-line broadband)
NA
9.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security patches within one month of a vulnerability being announced to the public?

AT&T (Fixed-line broadband)
NA
10.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, modifications it has made to a personal digital assistant operating system?

AT&T (Fixed-line broadband)
NA
11.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

AT&T (Fixed-line broadband)
NA
Average33
25%

Airtel

P14. Addressing security vulnerabilities
1.

Does the company clearly disclose that it has a mechanism through which security researchers can submit vulnerabilities they discover?

Airtel India (Prepaid mobile)
Yes
2.

Does the company clearly disclose the timeframe in which it will review reports of vulnerabilities?

Airtel India (Prepaid mobile)
No Disclosure
3.

Does the company commit not to pursue legal action against researchers who report vulnerabilities within the terms of the company's reporting mechanism?

Airtel India (Prepaid mobile)
No Disclosure
4.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose that software updates, security patches, add-ons, or extensions are downloaded over an encrypted channel?

Airtel India (Prepaid mobile)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company clearly disclose what, if any, modifications it has made to a mobile operating system?

Airtel India (Prepaid mobile)
No Disclosure
6.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

Airtel India (Prepaid mobile)
No Disclosure
7.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose the date through which it will continue to provide security updates for the device/OS?

Airtel India (Prepaid mobile)
NA
8.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company commit to provide security updates for the operating system and other critical software for a minimum of five years after release?

Airtel India (Prepaid mobile)
NA
9.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security patches within one month of a vulnerability being announced to the public?

Airtel India (Prepaid mobile)
No Disclosure
10.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, modifications it has made to a personal digital assistant operating system?

Airtel India (Prepaid mobile)
NA
11.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

Airtel India (Prepaid mobile)
NA
Average17
1.

Does the company clearly disclose that it has a mechanism through which security researchers can submit vulnerabilities they discover?

Airtel India (Postpaid mobile)
Yes
2.

Does the company clearly disclose the timeframe in which it will review reports of vulnerabilities?

Airtel India (Postpaid mobile)
No Disclosure
3.

Does the company commit not to pursue legal action against researchers who report vulnerabilities within the terms of the company's reporting mechanism?

Airtel India (Postpaid mobile)
No Disclosure
4.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose that software updates, security patches, add-ons, or extensions are downloaded over an encrypted channel?

Airtel India (Postpaid mobile)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company clearly disclose what, if any, modifications it has made to a mobile operating system?

Airtel India (Postpaid mobile)
No Disclosure
6.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

Airtel India (Postpaid mobile)
No Disclosure
7.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose the date through which it will continue to provide security updates for the device/OS?

Airtel India (Postpaid mobile)
NA
8.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company commit to provide security updates for the operating system and other critical software for a minimum of five years after release?

Airtel India (Postpaid mobile)
NA
9.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security patches within one month of a vulnerability being announced to the public?

Airtel India (Postpaid mobile)
No Disclosure
10.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, modifications it has made to a personal digital assistant operating system?

Airtel India (Postpaid mobile)
NA
11.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

Airtel India (Postpaid mobile)
NA
Average17
1.

Does the company clearly disclose that it has a mechanism through which security researchers can submit vulnerabilities they discover?

Airtel India (Fixed-line broadband)
Yes
2.

Does the company clearly disclose the timeframe in which it will review reports of vulnerabilities?

Airtel India (Fixed-line broadband)
No Disclosure
3.

Does the company commit not to pursue legal action against researchers who report vulnerabilities within the terms of the company's reporting mechanism?

Airtel India (Fixed-line broadband)
No Disclosure
4.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose that software updates, security patches, add-ons, or extensions are downloaded over an encrypted channel?

Airtel India (Fixed-line broadband)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company clearly disclose what, if any, modifications it has made to a mobile operating system?

Airtel India (Fixed-line broadband)
NA
6.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

Airtel India (Fixed-line broadband)
NA
7.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose the date through which it will continue to provide security updates for the device/OS?

Airtel India (Fixed-line broadband)
NA
8.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company commit to provide security updates for the operating system and other critical software for a minimum of five years after release?

Airtel India (Fixed-line broadband)
NA
9.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security patches within one month of a vulnerability being announced to the public?

Airtel India (Fixed-line broadband)
NA
10.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, modifications it has made to a personal digital assistant operating system?

Airtel India (Fixed-line broadband)
NA
11.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

Airtel India (Fixed-line broadband)
NA
Average33
0%

América Móvil

P14. Addressing security vulnerabilities
1.

Does the company clearly disclose that it has a mechanism through which security researchers can submit vulnerabilities they discover?

Telcel (Prepaid mobile)
No Disclosure
2.

Does the company clearly disclose the timeframe in which it will review reports of vulnerabilities?

Telcel (Prepaid mobile)
No Disclosure
3.

Does the company commit not to pursue legal action against researchers who report vulnerabilities within the terms of the company's reporting mechanism?

Telcel (Prepaid mobile)
No Disclosure
4.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose that software updates, security patches, add-ons, or extensions are downloaded over an encrypted channel?

Telcel (Prepaid mobile)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company clearly disclose what, if any, modifications it has made to a mobile operating system?

Telcel (Prepaid mobile)
No Disclosure
6.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

Telcel (Prepaid mobile)
No Disclosure
7.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose the date through which it will continue to provide security updates for the device/OS?

Telcel (Prepaid mobile)
NA
8.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company commit to provide security updates for the operating system and other critical software for a minimum of five years after release?

Telcel (Prepaid mobile)
NA
9.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security patches within one month of a vulnerability being announced to the public?

Telcel (Prepaid mobile)
No Disclosure
10.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, modifications it has made to a personal digital assistant operating system?

Telcel (Prepaid mobile)
NA
11.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

Telcel (Prepaid mobile)
NA
AverageNA
1.

Does the company clearly disclose that it has a mechanism through which security researchers can submit vulnerabilities they discover?

Telcel (Postpaid mobile)
No Disclosure
2.

Does the company clearly disclose the timeframe in which it will review reports of vulnerabilities?

Telcel (Postpaid mobile)
No Disclosure
3.

Does the company commit not to pursue legal action against researchers who report vulnerabilities within the terms of the company's reporting mechanism?

Telcel (Postpaid mobile)
No Disclosure
4.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose that software updates, security patches, add-ons, or extensions are downloaded over an encrypted channel?

Telcel (Postpaid mobile)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company clearly disclose what, if any, modifications it has made to a mobile operating system?

Telcel (Postpaid mobile)
No Disclosure
6.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

Telcel (Postpaid mobile)
No Disclosure
7.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose the date through which it will continue to provide security updates for the device/OS?

Telcel (Postpaid mobile)
NA
8.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company commit to provide security updates for the operating system and other critical software for a minimum of five years after release?

Telcel (Postpaid mobile)
NA
9.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security patches within one month of a vulnerability being announced to the public?

Telcel (Postpaid mobile)
No Disclosure
10.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, modifications it has made to a personal digital assistant operating system?

Telcel (Postpaid mobile)
NA
11.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

Telcel (Postpaid mobile)
NA
AverageNA
0%

Axiata

P14. Addressing security vulnerabilities
1.

Does the company clearly disclose that it has a mechanism through which security researchers can submit vulnerabilities they discover?

Celcom (Prepaid mobile)
No Disclosure
2.

Does the company clearly disclose the timeframe in which it will review reports of vulnerabilities?

Celcom (Prepaid mobile)
No Disclosure
3.

Does the company commit not to pursue legal action against researchers who report vulnerabilities within the terms of the company's reporting mechanism?

Celcom (Prepaid mobile)
No Disclosure
4.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose that software updates, security patches, add-ons, or extensions are downloaded over an encrypted channel?

Celcom (Prepaid mobile)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company clearly disclose what, if any, modifications it has made to a mobile operating system?

Celcom (Prepaid mobile)
No Disclosure
6.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

Celcom (Prepaid mobile)
No Disclosure
7.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose the date through which it will continue to provide security updates for the device/OS?

Celcom (Prepaid mobile)
NA
8.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company commit to provide security updates for the operating system and other critical software for a minimum of five years after release?

Celcom (Prepaid mobile)
NA
9.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security patches within one month of a vulnerability being announced to the public?

Celcom (Prepaid mobile)
No Disclosure
10.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, modifications it has made to a personal digital assistant operating system?

Celcom (Prepaid mobile)
NA
11.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

Celcom (Prepaid mobile)
NA
AverageNA
1.

Does the company clearly disclose that it has a mechanism through which security researchers can submit vulnerabilities they discover?

Celcom (Postpaid mobile)
No Disclosure
2.

Does the company clearly disclose the timeframe in which it will review reports of vulnerabilities?

Celcom (Postpaid mobile)
No Disclosure
3.

Does the company commit not to pursue legal action against researchers who report vulnerabilities within the terms of the company's reporting mechanism?

Celcom (Postpaid mobile)
No Disclosure
4.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose that software updates, security patches, add-ons, or extensions are downloaded over an encrypted channel?

Celcom (Postpaid mobile)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company clearly disclose what, if any, modifications it has made to a mobile operating system?

Celcom (Postpaid mobile)
No Disclosure
6.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

Celcom (Postpaid mobile)
No Disclosure
7.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose the date through which it will continue to provide security updates for the device/OS?

Celcom (Postpaid mobile)
NA
8.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company commit to provide security updates for the operating system and other critical software for a minimum of five years after release?

Celcom (Postpaid mobile)
NA
9.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security patches within one month of a vulnerability being announced to the public?

Celcom (Postpaid mobile)
No Disclosure
10.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, modifications it has made to a personal digital assistant operating system?

Celcom (Postpaid mobile)
NA
11.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

Celcom (Postpaid mobile)
NA
AverageNA
1.

Does the company clearly disclose that it has a mechanism through which security researchers can submit vulnerabilities they discover?

Celcom (Fixed-line broadband)
No Disclosure
2.

Does the company clearly disclose the timeframe in which it will review reports of vulnerabilities?

Celcom (Fixed-line broadband)
No Disclosure
3.

Does the company commit not to pursue legal action against researchers who report vulnerabilities within the terms of the company's reporting mechanism?

Celcom (Fixed-line broadband)
No Disclosure
4.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose that software updates, security patches, add-ons, or extensions are downloaded over an encrypted channel?

Celcom (Fixed-line broadband)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company clearly disclose what, if any, modifications it has made to a mobile operating system?

Celcom (Fixed-line broadband)
NA
6.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

Celcom (Fixed-line broadband)
NA
7.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose the date through which it will continue to provide security updates for the device/OS?

Celcom (Fixed-line broadband)
NA
8.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company commit to provide security updates for the operating system and other critical software for a minimum of five years after release?

Celcom (Fixed-line broadband)
NA
9.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security patches within one month of a vulnerability being announced to the public?

Celcom (Fixed-line broadband)
NA
10.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, modifications it has made to a personal digital assistant operating system?

Celcom (Fixed-line broadband)
NA
11.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

Celcom (Fixed-line broadband)
NA
AverageNA
13%

Deutsche Telekom

P14. Addressing security vulnerabilities
1.

Does the company clearly disclose that it has a mechanism through which security researchers can submit vulnerabilities they discover?

Deutsche Telekom Germany (Prepaid mobile)
Partial
2.

Does the company clearly disclose the timeframe in which it will review reports of vulnerabilities?

Deutsche Telekom Germany (Prepaid mobile)
No Disclosure
3.

Does the company commit not to pursue legal action against researchers who report vulnerabilities within the terms of the company's reporting mechanism?

Deutsche Telekom Germany (Prepaid mobile)
No Disclosure
4.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose that software updates, security patches, add-ons, or extensions are downloaded over an encrypted channel?

Deutsche Telekom Germany (Prepaid mobile)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company clearly disclose what, if any, modifications it has made to a mobile operating system?

Deutsche Telekom Germany (Prepaid mobile)
No Disclosure
6.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

Deutsche Telekom Germany (Prepaid mobile)
No Disclosure
7.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose the date through which it will continue to provide security updates for the device/OS?

Deutsche Telekom Germany (Prepaid mobile)
NA
8.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company commit to provide security updates for the operating system and other critical software for a minimum of five years after release?

Deutsche Telekom Germany (Prepaid mobile)
NA
9.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security patches within one month of a vulnerability being announced to the public?

Deutsche Telekom Germany (Prepaid mobile)
No Disclosure
10.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, modifications it has made to a personal digital assistant operating system?

Deutsche Telekom Germany (Prepaid mobile)
NA
11.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

Deutsche Telekom Germany (Prepaid mobile)
NA
Average8
1.

Does the company clearly disclose that it has a mechanism through which security researchers can submit vulnerabilities they discover?

Deutsche Telekom Germany (Postpaid mobile)
Partial
2.

Does the company clearly disclose the timeframe in which it will review reports of vulnerabilities?

Deutsche Telekom Germany (Postpaid mobile)
No Disclosure
3.

Does the company commit not to pursue legal action against researchers who report vulnerabilities within the terms of the company's reporting mechanism?

Deutsche Telekom Germany (Postpaid mobile)
No Disclosure
4.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose that software updates, security patches, add-ons, or extensions are downloaded over an encrypted channel?

Deutsche Telekom Germany (Postpaid mobile)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company clearly disclose what, if any, modifications it has made to a mobile operating system?

Deutsche Telekom Germany (Postpaid mobile)
No Disclosure
6.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

Deutsche Telekom Germany (Postpaid mobile)
No Disclosure
7.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose the date through which it will continue to provide security updates for the device/OS?

Deutsche Telekom Germany (Postpaid mobile)
NA
8.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company commit to provide security updates for the operating system and other critical software for a minimum of five years after release?

Deutsche Telekom Germany (Postpaid mobile)
NA
9.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security patches within one month of a vulnerability being announced to the public?

Deutsche Telekom Germany (Postpaid mobile)
No Disclosure
10.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, modifications it has made to a personal digital assistant operating system?

Deutsche Telekom Germany (Postpaid mobile)
NA
11.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

Deutsche Telekom Germany (Postpaid mobile)
NA
Average8
1.

Does the company clearly disclose that it has a mechanism through which security researchers can submit vulnerabilities they discover?

Deutsche Telekom Germany (Fixed-line broadband)
Partial
2.

Does the company clearly disclose the timeframe in which it will review reports of vulnerabilities?

Deutsche Telekom Germany (Fixed-line broadband)
No Disclosure
3.

Does the company commit not to pursue legal action against researchers who report vulnerabilities within the terms of the company's reporting mechanism?

Deutsche Telekom Germany (Fixed-line broadband)
No Disclosure
4.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose that software updates, security patches, add-ons, or extensions are downloaded over an encrypted channel?

Deutsche Telekom Germany (Fixed-line broadband)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company clearly disclose what, if any, modifications it has made to a mobile operating system?

Deutsche Telekom Germany (Fixed-line broadband)
NA
6.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

Deutsche Telekom Germany (Fixed-line broadband)
NA
7.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose the date through which it will continue to provide security updates for the device/OS?

Deutsche Telekom Germany (Fixed-line broadband)
NA
8.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company commit to provide security updates for the operating system and other critical software for a minimum of five years after release?

Deutsche Telekom Germany (Fixed-line broadband)
NA
9.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security patches within one month of a vulnerability being announced to the public?

Deutsche Telekom Germany (Fixed-line broadband)
NA
10.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, modifications it has made to a personal digital assistant operating system?

Deutsche Telekom Germany (Fixed-line broadband)
NA
11.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

Deutsche Telekom Germany (Fixed-line broadband)
NA
Average17
0%

Etisalat

P14. Addressing security vulnerabilities
1.

Does the company clearly disclose that it has a mechanism through which security researchers can submit vulnerabilities they discover?

Etisalat UAE (Prepaid mobile)
No Disclosure
2.

Does the company clearly disclose the timeframe in which it will review reports of vulnerabilities?

Etisalat UAE (Prepaid mobile)
No Disclosure
3.

Does the company commit not to pursue legal action against researchers who report vulnerabilities within the terms of the company's reporting mechanism?

Etisalat UAE (Prepaid mobile)
No Disclosure
4.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose that software updates, security patches, add-ons, or extensions are downloaded over an encrypted channel?

Etisalat UAE (Prepaid mobile)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company clearly disclose what, if any, modifications it has made to a mobile operating system?

Etisalat UAE (Prepaid mobile)
No Disclosure
6.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

Etisalat UAE (Prepaid mobile)
No Disclosure
7.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose the date through which it will continue to provide security updates for the device/OS?

Etisalat UAE (Prepaid mobile)
NA
8.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company commit to provide security updates for the operating system and other critical software for a minimum of five years after release?

Etisalat UAE (Prepaid mobile)
NA
9.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security patches within one month of a vulnerability being announced to the public?

Etisalat UAE (Prepaid mobile)
No Disclosure
10.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, modifications it has made to a personal digital assistant operating system?

Etisalat UAE (Prepaid mobile)
NA
11.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

Etisalat UAE (Prepaid mobile)
NA
AverageNA
1.

Does the company clearly disclose that it has a mechanism through which security researchers can submit vulnerabilities they discover?

Etisalat UAE (Postpaid mobile)
No Disclosure
2.

Does the company clearly disclose the timeframe in which it will review reports of vulnerabilities?

Etisalat UAE (Postpaid mobile)
No Disclosure
3.

Does the company commit not to pursue legal action against researchers who report vulnerabilities within the terms of the company's reporting mechanism?

Etisalat UAE (Postpaid mobile)
No Disclosure
4.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose that software updates, security patches, add-ons, or extensions are downloaded over an encrypted channel?

Etisalat UAE (Postpaid mobile)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company clearly disclose what, if any, modifications it has made to a mobile operating system?

Etisalat UAE (Postpaid mobile)
No Disclosure
6.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

Etisalat UAE (Postpaid mobile)
No Disclosure
7.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose the date through which it will continue to provide security updates for the device/OS?

Etisalat UAE (Postpaid mobile)
NA
8.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company commit to provide security updates for the operating system and other critical software for a minimum of five years after release?

Etisalat UAE (Postpaid mobile)
NA
9.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security patches within one month of a vulnerability being announced to the public?

Etisalat UAE (Postpaid mobile)
No Disclosure
10.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, modifications it has made to a personal digital assistant operating system?

Etisalat UAE (Postpaid mobile)
NA
11.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

Etisalat UAE (Postpaid mobile)
NA
AverageNA
1.

Does the company clearly disclose that it has a mechanism through which security researchers can submit vulnerabilities they discover?

Etisalat UAE (Fixed-line broadband)
No Disclosure
2.

Does the company clearly disclose the timeframe in which it will review reports of vulnerabilities?

Etisalat UAE (Fixed-line broadband)
No Disclosure
3.

Does the company commit not to pursue legal action against researchers who report vulnerabilities within the terms of the company's reporting mechanism?

Etisalat UAE (Fixed-line broadband)
No Disclosure
4.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose that software updates, security patches, add-ons, or extensions are downloaded over an encrypted channel?

Etisalat UAE (Fixed-line broadband)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company clearly disclose what, if any, modifications it has made to a mobile operating system?

Etisalat UAE (Fixed-line broadband)
NA
6.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

Etisalat UAE (Fixed-line broadband)
NA
7.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose the date through which it will continue to provide security updates for the device/OS?

Etisalat UAE (Fixed-line broadband)
NA
8.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company commit to provide security updates for the operating system and other critical software for a minimum of five years after release?

Etisalat UAE (Fixed-line broadband)
NA
9.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security patches within one month of a vulnerability being announced to the public?

Etisalat UAE (Fixed-line broadband)
NA
10.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, modifications it has made to a personal digital assistant operating system?

Etisalat UAE (Fixed-line broadband)
NA
11.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

Etisalat UAE (Fixed-line broadband)
NA
AverageNA
75%

MTN

P14. Addressing security vulnerabilities
1.

Does the company clearly disclose that it has a mechanism through which security researchers can submit vulnerabilities they discover?

MTN South Africa (Prepaid mobile)
Yes
2.

Does the company clearly disclose the timeframe in which it will review reports of vulnerabilities?

MTN South Africa (Prepaid mobile)
Yes
3.

Does the company commit not to pursue legal action against researchers who report vulnerabilities within the terms of the company's reporting mechanism?

MTN South Africa (Prepaid mobile)
Yes
4.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose that software updates, security patches, add-ons, or extensions are downloaded over an encrypted channel?

MTN South Africa (Prepaid mobile)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company clearly disclose what, if any, modifications it has made to a mobile operating system?

MTN South Africa (Prepaid mobile)
No Disclosure
6.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

MTN South Africa (Prepaid mobile)
No Disclosure
7.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose the date through which it will continue to provide security updates for the device/OS?

MTN South Africa (Prepaid mobile)
NA
8.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company commit to provide security updates for the operating system and other critical software for a minimum of five years after release?

MTN South Africa (Prepaid mobile)
NA
9.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security patches within one month of a vulnerability being announced to the public?

MTN South Africa (Prepaid mobile)
No Disclosure
10.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, modifications it has made to a personal digital assistant operating system?

MTN South Africa (Prepaid mobile)
NA
11.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

MTN South Africa (Prepaid mobile)
NA
Average50
1.

Does the company clearly disclose that it has a mechanism through which security researchers can submit vulnerabilities they discover?

MTN South Africa (Postpaid mobile)
Yes
2.

Does the company clearly disclose the timeframe in which it will review reports of vulnerabilities?

MTN South Africa (Postpaid mobile)
Yes
3.

Does the company commit not to pursue legal action against researchers who report vulnerabilities within the terms of the company's reporting mechanism?

MTN South Africa (Postpaid mobile)
Yes
4.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose that software updates, security patches, add-ons, or extensions are downloaded over an encrypted channel?

MTN South Africa (Postpaid mobile)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company clearly disclose what, if any, modifications it has made to a mobile operating system?

MTN South Africa (Postpaid mobile)
No Disclosure
6.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

MTN South Africa (Postpaid mobile)
No Disclosure
7.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose the date through which it will continue to provide security updates for the device/OS?

MTN South Africa (Postpaid mobile)
NA
8.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company commit to provide security updates for the operating system and other critical software for a minimum of five years after release?

MTN South Africa (Postpaid mobile)
NA
9.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security patches within one month of a vulnerability being announced to the public?

MTN South Africa (Postpaid mobile)
No Disclosure
10.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, modifications it has made to a personal digital assistant operating system?

MTN South Africa (Postpaid mobile)
NA
11.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

MTN South Africa (Postpaid mobile)
NA
Average50
1.

Does the company clearly disclose that it has a mechanism through which security researchers can submit vulnerabilities they discover?

MTN South Africa (Fixed-line broadband)
Yes
2.

Does the company clearly disclose the timeframe in which it will review reports of vulnerabilities?

MTN South Africa (Fixed-line broadband)
Yes
3.

Does the company commit not to pursue legal action against researchers who report vulnerabilities within the terms of the company's reporting mechanism?

MTN South Africa (Fixed-line broadband)
Yes
4.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose that software updates, security patches, add-ons, or extensions are downloaded over an encrypted channel?

MTN South Africa (Fixed-line broadband)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company clearly disclose what, if any, modifications it has made to a mobile operating system?

MTN South Africa (Fixed-line broadband)
NA
6.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

MTN South Africa (Fixed-line broadband)
NA
7.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose the date through which it will continue to provide security updates for the device/OS?

MTN South Africa (Fixed-line broadband)
NA
8.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company commit to provide security updates for the operating system and other critical software for a minimum of five years after release?

MTN South Africa (Fixed-line broadband)
NA
9.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security patches within one month of a vulnerability being announced to the public?

MTN South Africa (Fixed-line broadband)
NA
10.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, modifications it has made to a personal digital assistant operating system?

MTN South Africa (Fixed-line broadband)
NA
11.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

MTN South Africa (Fixed-line broadband)
NA
Average100
0%

Ooredoo

P14. Addressing security vulnerabilities
1.

Does the company clearly disclose that it has a mechanism through which security researchers can submit vulnerabilities they discover?

Ooredoo Qatar (Prepaid mobile)
No Disclosure
2.

Does the company clearly disclose the timeframe in which it will review reports of vulnerabilities?

Ooredoo Qatar (Prepaid mobile)
No Disclosure
3.

Does the company commit not to pursue legal action against researchers who report vulnerabilities within the terms of the company's reporting mechanism?

Ooredoo Qatar (Prepaid mobile)
No Disclosure
4.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose that software updates, security patches, add-ons, or extensions are downloaded over an encrypted channel?

Ooredoo Qatar (Prepaid mobile)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company clearly disclose what, if any, modifications it has made to a mobile operating system?

Ooredoo Qatar (Prepaid mobile)
No Disclosure
6.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

Ooredoo Qatar (Prepaid mobile)
No Disclosure
7.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose the date through which it will continue to provide security updates for the device/OS?

Ooredoo Qatar (Prepaid mobile)
NA
8.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company commit to provide security updates for the operating system and other critical software for a minimum of five years after release?

Ooredoo Qatar (Prepaid mobile)
NA
9.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security patches within one month of a vulnerability being announced to the public?

Ooredoo Qatar (Prepaid mobile)
No Disclosure
10.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, modifications it has made to a personal digital assistant operating system?

Ooredoo Qatar (Prepaid mobile)
NA
11.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

Ooredoo Qatar (Prepaid mobile)
NA
AverageNA
1.

Does the company clearly disclose that it has a mechanism through which security researchers can submit vulnerabilities they discover?

Ooredoo Qatar (Postpaid mobile)
No Disclosure
2.

Does the company clearly disclose the timeframe in which it will review reports of vulnerabilities?

Ooredoo Qatar (Postpaid mobile)
No Disclosure
3.

Does the company commit not to pursue legal action against researchers who report vulnerabilities within the terms of the company's reporting mechanism?

Ooredoo Qatar (Postpaid mobile)
No Disclosure
4.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose that software updates, security patches, add-ons, or extensions are downloaded over an encrypted channel?

Ooredoo Qatar (Postpaid mobile)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company clearly disclose what, if any, modifications it has made to a mobile operating system?

Ooredoo Qatar (Postpaid mobile)
No Disclosure
6.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

Ooredoo Qatar (Postpaid mobile)
No Disclosure
7.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose the date through which it will continue to provide security updates for the device/OS?

Ooredoo Qatar (Postpaid mobile)
NA
8.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company commit to provide security updates for the operating system and other critical software for a minimum of five years after release?

Ooredoo Qatar (Postpaid mobile)
NA
9.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security patches within one month of a vulnerability being announced to the public?

Ooredoo Qatar (Postpaid mobile)
No Disclosure
10.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, modifications it has made to a personal digital assistant operating system?

Ooredoo Qatar (Postpaid mobile)
NA
11.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

Ooredoo Qatar (Postpaid mobile)
NA
AverageNA
1.

Does the company clearly disclose that it has a mechanism through which security researchers can submit vulnerabilities they discover?

Ooredoo Qatar (Fixed-line broadband)
No Disclosure
2.

Does the company clearly disclose the timeframe in which it will review reports of vulnerabilities?

Ooredoo Qatar (Fixed-line broadband)
No Disclosure
3.

Does the company commit not to pursue legal action against researchers who report vulnerabilities within the terms of the company's reporting mechanism?

Ooredoo Qatar (Fixed-line broadband)
No Disclosure
4.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose that software updates, security patches, add-ons, or extensions are downloaded over an encrypted channel?

Ooredoo Qatar (Fixed-line broadband)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company clearly disclose what, if any, modifications it has made to a mobile operating system?

Ooredoo Qatar (Fixed-line broadband)
NA
6.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

Ooredoo Qatar (Fixed-line broadband)
NA
7.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose the date through which it will continue to provide security updates for the device/OS?

Ooredoo Qatar (Fixed-line broadband)
NA
8.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company commit to provide security updates for the operating system and other critical software for a minimum of five years after release?

Ooredoo Qatar (Fixed-line broadband)
NA
9.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security patches within one month of a vulnerability being announced to the public?

Ooredoo Qatar (Fixed-line broadband)
NA
10.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, modifications it has made to a personal digital assistant operating system?

Ooredoo Qatar (Fixed-line broadband)
NA
11.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

Ooredoo Qatar (Fixed-line broadband)
NA
AverageNA
25%

Orange

P14. Addressing security vulnerabilities
1.

Does the company clearly disclose that it has a mechanism through which security researchers can submit vulnerabilities they discover?

Orange France (Prepaid mobile)
Yes
2.

Does the company clearly disclose the timeframe in which it will review reports of vulnerabilities?

Orange France (Prepaid mobile)
No Disclosure
3.

Does the company commit not to pursue legal action against researchers who report vulnerabilities within the terms of the company's reporting mechanism?

Orange France (Prepaid mobile)
No Disclosure
4.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose that software updates, security patches, add-ons, or extensions are downloaded over an encrypted channel?

Orange France (Prepaid mobile)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company clearly disclose what, if any, modifications it has made to a mobile operating system?

Orange France (Prepaid mobile)
No Disclosure
6.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

Orange France (Prepaid mobile)
No Disclosure
7.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose the date through which it will continue to provide security updates for the device/OS?

Orange France (Prepaid mobile)
NA
8.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company commit to provide security updates for the operating system and other critical software for a minimum of five years after release?

Orange France (Prepaid mobile)
NA
9.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security patches within one month of a vulnerability being announced to the public?

Orange France (Prepaid mobile)
No Disclosure
10.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, modifications it has made to a personal digital assistant operating system?

Orange France (Prepaid mobile)
NA
11.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

Orange France (Prepaid mobile)
NA
Average17
1.

Does the company clearly disclose that it has a mechanism through which security researchers can submit vulnerabilities they discover?

Orange France (Postpaid mobile)
Yes
2.

Does the company clearly disclose the timeframe in which it will review reports of vulnerabilities?

Orange France (Postpaid mobile)
No Disclosure
3.

Does the company commit not to pursue legal action against researchers who report vulnerabilities within the terms of the company's reporting mechanism?

Orange France (Postpaid mobile)
No Disclosure
4.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose that software updates, security patches, add-ons, or extensions are downloaded over an encrypted channel?

Orange France (Postpaid mobile)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company clearly disclose what, if any, modifications it has made to a mobile operating system?

Orange France (Postpaid mobile)
No Disclosure
6.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

Orange France (Postpaid mobile)
No Disclosure
7.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose the date through which it will continue to provide security updates for the device/OS?

Orange France (Postpaid mobile)
NA
8.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company commit to provide security updates for the operating system and other critical software for a minimum of five years after release?

Orange France (Postpaid mobile)
NA
9.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security patches within one month of a vulnerability being announced to the public?

Orange France (Postpaid mobile)
No Disclosure
10.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, modifications it has made to a personal digital assistant operating system?

Orange France (Postpaid mobile)
NA
11.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

Orange France (Postpaid mobile)
NA
Average17
1.

Does the company clearly disclose that it has a mechanism through which security researchers can submit vulnerabilities they discover?

Orange France (Fixed-line broadband)
Yes
2.

Does the company clearly disclose the timeframe in which it will review reports of vulnerabilities?

Orange France (Fixed-line broadband)
No Disclosure
3.

Does the company commit not to pursue legal action against researchers who report vulnerabilities within the terms of the company's reporting mechanism?

Orange France (Fixed-line broadband)
No Disclosure
4.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose that software updates, security patches, add-ons, or extensions are downloaded over an encrypted channel?

Orange France (Fixed-line broadband)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company clearly disclose what, if any, modifications it has made to a mobile operating system?

Orange France (Fixed-line broadband)
NA
6.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

Orange France (Fixed-line broadband)
NA
7.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose the date through which it will continue to provide security updates for the device/OS?

Orange France (Fixed-line broadband)
NA
8.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company commit to provide security updates for the operating system and other critical software for a minimum of five years after release?

Orange France (Fixed-line broadband)
NA
9.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security patches within one month of a vulnerability being announced to the public?

Orange France (Fixed-line broadband)
NA
10.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, modifications it has made to a personal digital assistant operating system?

Orange France (Fixed-line broadband)
NA
11.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

Orange France (Fixed-line broadband)
NA
Average33
25%

Telefónica

P14. Addressing security vulnerabilities
1.

Does the company clearly disclose that it has a mechanism through which security researchers can submit vulnerabilities they discover?

Movistar (Prepaid mobile)
Yes
2.

Does the company clearly disclose the timeframe in which it will review reports of vulnerabilities?

Movistar (Prepaid mobile)
No Disclosure
3.

Does the company commit not to pursue legal action against researchers who report vulnerabilities within the terms of the company's reporting mechanism?

Movistar (Prepaid mobile)
No Disclosure
4.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose that software updates, security patches, add-ons, or extensions are downloaded over an encrypted channel?

Movistar (Prepaid mobile)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company clearly disclose what, if any, modifications it has made to a mobile operating system?

Movistar (Prepaid mobile)
No Disclosure
6.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

Movistar (Prepaid mobile)
No Disclosure
7.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose the date through which it will continue to provide security updates for the device/OS?

Movistar (Prepaid mobile)
NA
8.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company commit to provide security updates for the operating system and other critical software for a minimum of five years after release?

Movistar (Prepaid mobile)
NA
9.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security patches within one month of a vulnerability being announced to the public?

Movistar (Prepaid mobile)
No Disclosure
10.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, modifications it has made to a personal digital assistant operating system?

Movistar (Prepaid mobile)
NA
11.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

Movistar (Prepaid mobile)
NA
Average17
1.

Does the company clearly disclose that it has a mechanism through which security researchers can submit vulnerabilities they discover?

Movistar (Postpaid mobile)
Yes
2.

Does the company clearly disclose the timeframe in which it will review reports of vulnerabilities?

Movistar (Postpaid mobile)
No Disclosure
3.

Does the company commit not to pursue legal action against researchers who report vulnerabilities within the terms of the company's reporting mechanism?

Movistar (Postpaid mobile)
No Disclosure
4.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose that software updates, security patches, add-ons, or extensions are downloaded over an encrypted channel?

Movistar (Postpaid mobile)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company clearly disclose what, if any, modifications it has made to a mobile operating system?

Movistar (Postpaid mobile)
No Disclosure
6.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

Movistar (Postpaid mobile)
No Disclosure
7.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose the date through which it will continue to provide security updates for the device/OS?

Movistar (Postpaid mobile)
NA
8.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company commit to provide security updates for the operating system and other critical software for a minimum of five years after release?

Movistar (Postpaid mobile)
NA
9.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security patches within one month of a vulnerability being announced to the public?

Movistar (Postpaid mobile)
No Disclosure
10.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, modifications it has made to a personal digital assistant operating system?

Movistar (Postpaid mobile)
NA
11.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

Movistar (Postpaid mobile)
NA
Average17
1.

Does the company clearly disclose that it has a mechanism through which security researchers can submit vulnerabilities they discover?

Movistar (Fixed-line broadband)
Yes
2.

Does the company clearly disclose the timeframe in which it will review reports of vulnerabilities?

Movistar (Fixed-line broadband)
No Disclosure
3.

Does the company commit not to pursue legal action against researchers who report vulnerabilities within the terms of the company's reporting mechanism?

Movistar (Fixed-line broadband)
No Disclosure
4.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose that software updates, security patches, add-ons, or extensions are downloaded over an encrypted channel?

Movistar (Fixed-line broadband)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company clearly disclose what, if any, modifications it has made to a mobile operating system?

Movistar (Fixed-line broadband)
NA
6.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

Movistar (Fixed-line broadband)
NA
7.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose the date through which it will continue to provide security updates for the device/OS?

Movistar (Fixed-line broadband)
NA
8.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company commit to provide security updates for the operating system and other critical software for a minimum of five years after release?

Movistar (Fixed-line broadband)
NA
9.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security patches within one month of a vulnerability being announced to the public?

Movistar (Fixed-line broadband)
NA
10.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, modifications it has made to a personal digital assistant operating system?

Movistar (Fixed-line broadband)
NA
11.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

Movistar (Fixed-line broadband)
NA
Average33
4%

Telenor

P14. Addressing security vulnerabilities
1.

Does the company clearly disclose that it has a mechanism through which security researchers can submit vulnerabilities they discover?

Telenor Norway (Prepaid mobile)
No Disclosure
2.

Does the company clearly disclose the timeframe in which it will review reports of vulnerabilities?

Telenor Norway (Prepaid mobile)
No Disclosure
3.

Does the company commit not to pursue legal action against researchers who report vulnerabilities within the terms of the company's reporting mechanism?

Telenor Norway (Prepaid mobile)
No Disclosure
4.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose that software updates, security patches, add-ons, or extensions are downloaded over an encrypted channel?

Telenor Norway (Prepaid mobile)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company clearly disclose what, if any, modifications it has made to a mobile operating system?

Telenor Norway (Prepaid mobile)
Partial
6.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

Telenor Norway (Prepaid mobile)
No Disclosure
7.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose the date through which it will continue to provide security updates for the device/OS?

Telenor Norway (Prepaid mobile)
NA
8.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company commit to provide security updates for the operating system and other critical software for a minimum of five years after release?

Telenor Norway (Prepaid mobile)
NA
9.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security patches within one month of a vulnerability being announced to the public?

Telenor Norway (Prepaid mobile)
No Disclosure
10.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, modifications it has made to a personal digital assistant operating system?

Telenor Norway (Prepaid mobile)
NA
11.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

Telenor Norway (Prepaid mobile)
NA
Average8
1.

Does the company clearly disclose that it has a mechanism through which security researchers can submit vulnerabilities they discover?

Telenor Norway (Postpaid mobile)
No Disclosure
2.

Does the company clearly disclose the timeframe in which it will review reports of vulnerabilities?

Telenor Norway (Postpaid mobile)
No Disclosure
3.

Does the company commit not to pursue legal action against researchers who report vulnerabilities within the terms of the company's reporting mechanism?

Telenor Norway (Postpaid mobile)
No Disclosure
4.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose that software updates, security patches, add-ons, or extensions are downloaded over an encrypted channel?

Telenor Norway (Postpaid mobile)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company clearly disclose what, if any, modifications it has made to a mobile operating system?

Telenor Norway (Postpaid mobile)
Partial
6.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

Telenor Norway (Postpaid mobile)
No Disclosure
7.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose the date through which it will continue to provide security updates for the device/OS?

Telenor Norway (Postpaid mobile)
NA
8.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company commit to provide security updates for the operating system and other critical software for a minimum of five years after release?

Telenor Norway (Postpaid mobile)
NA
9.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security patches within one month of a vulnerability being announced to the public?

Telenor Norway (Postpaid mobile)
No Disclosure
10.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, modifications it has made to a personal digital assistant operating system?

Telenor Norway (Postpaid mobile)
NA
11.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

Telenor Norway (Postpaid mobile)
NA
Average8
1.

Does the company clearly disclose that it has a mechanism through which security researchers can submit vulnerabilities they discover?

Telenor Norway (Fixed-line broadband)
No Disclosure
2.

Does the company clearly disclose the timeframe in which it will review reports of vulnerabilities?

Telenor Norway (Fixed-line broadband)
No Disclosure
3.

Does the company commit not to pursue legal action against researchers who report vulnerabilities within the terms of the company's reporting mechanism?

Telenor Norway (Fixed-line broadband)
No Disclosure
4.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose that software updates, security patches, add-ons, or extensions are downloaded over an encrypted channel?

Telenor Norway (Fixed-line broadband)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company clearly disclose what, if any, modifications it has made to a mobile operating system?

Telenor Norway (Fixed-line broadband)
NA
6.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

Telenor Norway (Fixed-line broadband)
NA
7.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose the date through which it will continue to provide security updates for the device/OS?

Telenor Norway (Fixed-line broadband)
NA
8.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company commit to provide security updates for the operating system and other critical software for a minimum of five years after release?

Telenor Norway (Fixed-line broadband)
NA
9.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security patches within one month of a vulnerability being announced to the public?

Telenor Norway (Fixed-line broadband)
NA
10.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, modifications it has made to a personal digital assistant operating system?

Telenor Norway (Fixed-line broadband)
NA
11.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

Telenor Norway (Fixed-line broadband)
NA
AverageNA
25%

Vodafone

P14. Addressing security vulnerabilities
1.

Does the company clearly disclose that it has a mechanism through which security researchers can submit vulnerabilities they discover?

Vodafone UK (Prepaid mobile)
Yes
2.

Does the company clearly disclose the timeframe in which it will review reports of vulnerabilities?

Vodafone UK (Prepaid mobile)
No Disclosure
3.

Does the company commit not to pursue legal action against researchers who report vulnerabilities within the terms of the company's reporting mechanism?

Vodafone UK (Prepaid mobile)
No Disclosure
4.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose that software updates, security patches, add-ons, or extensions are downloaded over an encrypted channel?

Vodafone UK (Prepaid mobile)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company clearly disclose what, if any, modifications it has made to a mobile operating system?

Vodafone UK (Prepaid mobile)
No Disclosure
6.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

Vodafone UK (Prepaid mobile)
No Disclosure
7.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose the date through which it will continue to provide security updates for the device/OS?

Vodafone UK (Prepaid mobile)
NA
8.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company commit to provide security updates for the operating system and other critical software for a minimum of five years after release?

Vodafone UK (Prepaid mobile)
NA
9.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security patches within one month of a vulnerability being announced to the public?

Vodafone UK (Prepaid mobile)
No Disclosure
10.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, modifications it has made to a personal digital assistant operating system?

Vodafone UK (Prepaid mobile)
NA
11.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

Vodafone UK (Prepaid mobile)
NA
Average17
1.

Does the company clearly disclose that it has a mechanism through which security researchers can submit vulnerabilities they discover?

Vodafone UK (Postpaid mobile)
Yes
2.

Does the company clearly disclose the timeframe in which it will review reports of vulnerabilities?

Vodafone UK (Postpaid mobile)
No Disclosure
3.

Does the company commit not to pursue legal action against researchers who report vulnerabilities within the terms of the company's reporting mechanism?

Vodafone UK (Postpaid mobile)
No Disclosure
4.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose that software updates, security patches, add-ons, or extensions are downloaded over an encrypted channel?

Vodafone UK (Postpaid mobile)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company clearly disclose what, if any, modifications it has made to a mobile operating system?

Vodafone UK (Postpaid mobile)
No Disclosure
6.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

Vodafone UK (Postpaid mobile)
No Disclosure
7.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose the date through which it will continue to provide security updates for the device/OS?

Vodafone UK (Postpaid mobile)
NA
8.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company commit to provide security updates for the operating system and other critical software for a minimum of five years after release?

Vodafone UK (Postpaid mobile)
NA
9.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security patches within one month of a vulnerability being announced to the public?

Vodafone UK (Postpaid mobile)
No Disclosure
10.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, modifications it has made to a personal digital assistant operating system?

Vodafone UK (Postpaid mobile)
NA
11.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

Vodafone UK (Postpaid mobile)
NA
Average17
1.

Does the company clearly disclose that it has a mechanism through which security researchers can submit vulnerabilities they discover?

Vodafone UK (Fixed-line broadband)
Yes
2.

Does the company clearly disclose the timeframe in which it will review reports of vulnerabilities?

Vodafone UK (Fixed-line broadband)
No Disclosure
3.

Does the company commit not to pursue legal action against researchers who report vulnerabilities within the terms of the company's reporting mechanism?

Vodafone UK (Fixed-line broadband)
No Disclosure
4.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose that software updates, security patches, add-ons, or extensions are downloaded over an encrypted channel?

Vodafone UK (Fixed-line broadband)
NA
5.

(For mobile ecosystems and telecommunications companies) Does the company clearly disclose what, if any, modifications it has made to a mobile operating system?

Vodafone UK (Fixed-line broadband)
NA
6.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

Vodafone UK (Fixed-line broadband)
NA
7.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company clearly disclose the date through which it will continue to provide security updates for the device/OS?

Vodafone UK (Fixed-line broadband)
NA
8.

(For mobile ecosystems and personal digital assistant ecosystems) Does the company commit to provide security updates for the operating system and other critical software for a minimum of five years after release?

Vodafone UK (Fixed-line broadband)
NA
9.

(For mobile ecosystems, personal digital assistant ecosystems, and telecommunications companies) If the company uses an operating system adapted from an existing system, does the company commit to provide security patches within one month of a vulnerability being announced to the public?

Vodafone UK (Fixed-line broadband)
NA
10.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, modifications it has made to a personal digital assistant operating system?

Vodafone UK (Fixed-line broadband)
NA
11.

(For personal digital assistant ecosystems): Does the company clearly disclose what, if any, effect such modifications have on the company's ability to send security updates to users?

Vodafone UK (Fixed-line broadband)
NA
Average33