Looking for someone in the software security team @ https://www.cnhindustrial.com/
3 Likes
Still looking for a contact, all the phone lines go nowhere. No emails back. Rude operators. Dare I say there may not be a team that can assist, but hope to get through to them this week!
1 Like
I was able to get in touch with the security team using this URL:
http://www.cnhindustrialcompliancehelpline.com/
Specify that you will not disclose the vulnerabilities to the third party, Navex, until you are speaking to CNH via the compliance form. If I receive an updated email destination, I will update the disclose diodb: GitHub - disclose/diodb: Open-source vulnerability disclosure and bug bounty program database.
3 Likes