Deutsche Telekom opens bug bounty program to external researchers

Deutsche Telekom has expanded its cybersecurity measures by opening its bug bounty program to external security researchers. The company is offering rewards to individuals who successfully identify and report vulnerabilities within its digital systems.

The program is structured into two tiers: a public and a private offering. In the public program, researchers are encouraged to report findings related to Telekom's domains, including *.telekom.de, *.telekom.net, and *.telekom.com. Rewards vary based on the severity of the discovered vulnerability, with potential payouts up to 5,000 euros for the most critical findings.

For those seeking more extensive opportunities, the private bug bounty program offers a broader range of targets and higher rewards, which can reach up to 10,000 euros. Specific details regarding this program's scope and participation methods are available upon request.

The company emphasizes a responsible disclosure policy, requiring researchers to report any discovered vulnerabilities promptly. Reports should include a precise description of the vulnerability, an assessment of its criticality, and evidence to enable reproduction and suggest remediation. Deutsche Telekom intends to evaluate vulnerabilities using established frameworks such as Bugcrowd's Vulnerability Rating Taxonomy and the Common Vulnerability Scoring System (CVSS).

The program is open to all individuals except current and former employees of Deutsche Telekom AG and its affiliated companies, as well as their relatives. Minors require written consent from a parent or guardian. This initiative aims to proactively identify and address security risks to maintain a high level of data protection.