An Inside Look at Deutsche Telekom’s Bug Bash

Last month, Deutsche Telekom partnered with Bugcrowd to host its first-ever Bug Bash, a week-long event at its headquarters in Bonn, Germany, where nine of the world’s top security researchers gathered to test 5G equipment within a controlled, closed-network environment. Teams from T-Mobile US and Ericsson joined on-site alongside Deutsche Telekom and Bugcrowd to help collaborate and share expertise, drive cybersecurity innovation and strengthen resilience against emerging threats.

Over the course of the event, security researchers competed for bounties — rewards of up to $100,000 USD — for discovering and reporting security vulnerabilities, or “bugs.” Once a bug is identified, Deutsche Telekom’s security teams act quickly to resolve potential weaknesses before they can be exploited.

Building on the success of several Bug Bashes that T-Mobile previously designed with Bugcrowd, this event marked another important step in improving defenses against cybercriminals and better protecting customers, employees and data. Because companies like T-Mobile, Deutsche Telekom, Ericsson and others often use similar equipment and operate similar ecosystems, it was a powerful opportunity to collaborate on shared challenges and help identify and fix vulnerabilities that could impact the broader industry.

Check out some photos from the event and read what those in Bonn had to say:

“The energy is super high, the researchers love it and the targets are amazing. The Deutsche Telekom team especially has been out of this world, and I cannot wait to come back and do it again”
Alex Naranjo, Manager, Cybersecurity, T-Mobile

Security researchers taking apart 5G equipment for testing

“Our Bug Bash experience is typically focused on T-Mobile US and the services and offers we look at. This is the first time we’re doing a partnership with other telcos that also share similar types of equipment and infrastructure, so it gives us a lot of opportunity to focus on things that impact the industry as a whole rather than just one telco.”
Chris Wallace, Sr. Director, Cybersecurity, T-Mobile

Two security researchers discussing methods and findings

“The program here has been a really unique chance to get to touch this type of technology.”
Security Researcher

“Sure, we have pen testers, labs, and a red team that challenges our infrastructure and services every day of the week. In terms of technological leadership, we must not rest on our laurels. That’s why we highly value external help based on Responsible Disclosure and treat security researchers from all countries with a lot of respect.”
Thomas Tschersich, CSO, Deutsche Telekom & CEO, Deutsche Telekom Security GmbH

Two Bug Bash event leads investigating equipment

“Ericsson is proud to support the T-Mobile Bug Bash event by providing our state-of-the-art 5G equipment. This initiative reflects our commitment to strengthening cybersecurity and driving innovation in the 5G ecosystem.”
Andreas Blank, Head of Customer & Solution Security, Ericsson

“The Bug Bash with Deutsche Telekom, T-Mobile, and Ericsson is a powerful example of how collaborative security drives stronger outcomes for the entire ecosystem. Bringing world-class researchers together with leading global telcos on real, in-use 5G infrastructure doesn’t just find vulnerabilities and keeps customers and companies safe but it also accelerates innovation, resilience, and trust across the industry. Bugcrowd is proud to help facilitate this model and will continue to push the boundaries of proactive, adversary-powered security for our partners worldwide.”
Matthias Held, Principal Security Solutions Architect, Bugcrowd

Deutsche Telekom and T-Mobile teams discussing the Bug Bash with Tim Höttges

“Responsible disclosure has a long tradition at Deutsche Telekom. But such a Bug Bash is still a new format for us and it is an exciting experience to host the event for the first time in Germany.”
Stefan Pütz, CISO, Deutsche Telekom AG