Qualcomm Incorporated and its subsidiaries understand that maintaining a large variety of products comes with certain responsibilities. We take security vulnerabilities very seriously and always seek to respond appropriately.
Qualcomm takes security very seriously and we strive to address any security-related issues quickly and appropriately. If you have found a potential security issue in any Qualcomm product or software, please contact us via email: [email protected]. Or click the button below and use our form to contact us. For encrypted communication, you may use our public key.
Qualcomm Technologies, Inc. (QTI), has its vulnerability rewards program designed to expand collaboration with invited security researchers who improve the security of the Qualcomm® Snapdragon™ family of processors, 5G modems and related technologies. The program is administered in collaboration with vulnerability coordination platform HackerOne. Security researchers who submit high-quality issues may be invited to join Qualcomm’s Vulnerability Reward Program. Researchers with a proven history of submitting high-quality issues in other areas may be invited to join the Program; we encourage such individuals to reach out to us at [email protected]. See Report a vulnerability below.
We aim to address security issues and communicate them to our stakeholders within 90 days (e.g. through security bulletins). While we strive to meet this deadline every time, the complexity and the large number of products and product lines that we support may prevent us from doing so. We will do our best to keep you updated throughout this process when appropriate.
We respect privacy, if you wish to stay anonymous, we will not have further records of your name or identity in any further communication regarding the matter.
The following information will help us to evaluate your submission as quickly as possible. If available, please include in your report:
Publication of Vulnerabilities
We regularly issue security bulletins to our customers in order to share security vulnerabilities and related code modifications. As an active member of Code Aurora Forum (CAF), Qualcomm Innovation Center, Inc. also shares reports of security vulnerabilities with CAF and the open source community. Such communications will oftentimes include description of issues, their severity based on our vulnerability rating guidelines and attributions to reporters of those vulnerabilities unless those reporters request otherwise.