John Deere’s CISO, James Johnson, and his team are committed to ensuring that the people who depend on John Deere for their livelihood rest easy knowing their information and products are secure. To help fortify security defenses for their customers, dealers, suppliers, and employees, John Deere recently launched a public Vulnerability Disclosure Program (VDP) with HackerOne.
Read on to learn why James and the John Deere security team leverage ethical hackers to help identify security gaps and increase their product and data security.
Q: Tell us who you are and your role at John Deere.
James: I’m James Johnson, John Deere’s Chief Information Security Officer. I joined to lead the security organization and build a security-focused culture.
Q: Tell us a bit about John Deere and why cybersecurity is so important.
James: Integrity, Quality, Commitment, and Innovation are the core values that define the Security by Design program, which has instilled a security mindset within the development community at John Deere. Security by Design combines people, processes, and technologies to create a culture of security throughout the software development life cycle. Security professionals sit on teams with developers to secure code, educate, and share best practices. We are able to learn from our VDP and bring those examples as learning opportunities directly to development teams through the Security by Design program.
Q: What advice would you give to other CISOs planning to start a VDP?
James: Having a VDP is a core component of a robust vulnerability management program. Cultivating a positive relationship with the researcher community is incredibly valuable to your overall security program.
Q: What about advice for program leads planning to start a VDP?
James: Start by benchmarking with other companies and hearing their lessons learned. Make sure your internal teams are ready to handle the submissions from your VDP, will provide a timely response to researchers, and will give them a positive experience with your program.
Q: What will long-term success look like?
James: We are excited to continue to learn from our VDP, and we want to keep maturing the program. We want our program to attract the best researchers and give them a great experience working with our teams. To this end, we are exploring offering bounties in the future.