The Orange CERT Coordination Center (Orange-CERT-CC) or “CERT Orange” is the operational structure responsible for managing IT security incidents that might affect the activities of the Orange Group, including its various business units and subsidiaries.
As a member of FIRST, CERT Orange adheres to responsible management principles for vulnerabilities brought to its attention (Responsible Disclosure principles). CERT Orange is committed to responding to any vulnerability-related information brought to its attention and finding a solution to it within a reasonable timeframe, while keeping the person or entity that brought this vulnerability to its attention regularly informed.
The Orange-CERT-CC’s use of the registered trademark “CERT” has been authorized by Carnegie Mellon University’s CERT.
Contact us
To report any security incidents or vulnerabilities that might concern the activities of the Orange Group or any of its business units, you can contact us by email: cert@orange.com or by postmail at the following address:
DSCS/IT&Network Security/CERT-CC
Site Orange Gardens
40-48, avenue de la République,
92320 Châtillon
FRANCE
If you wish to report any abuse to Orange concerning orange.com domain (phishing, spam, scam…), please contact us by email : abuse@orange.com
Confidentiality of communications
If you would like to submit any sensitive information to us, we recommend protecting it by encrypting it with our PGP key 0x845B9C1D38382441 with the following fingerprint: D8B93539D863425ADF4AFD73845B9C1D38382441.
BugBounty Program
The Orange Group organizes both public and private BugBounty programs.
There are not currently any active public BugBounty programs.