Looking for a security contact at John Deere

sickcodes · March 27, 2021, 8:47pm

I’m aware it’s the weekend, but anyone got a contact at John Deere?

Anyone really, just have a vulnerability report to get across.

Have tried the api support email address and the DMing them on Twitter, no response as of yet though.

sickcodes · March 28, 2021, 12:59pm

sickcodes · April 23, 2021, 1:17pm

What a mess that was!

Rule #1 for bounty hunters: don’t engage in extortion

Rule #1 for companies: don’t engage in blackmail

sickcodes · June 20, 2021, 10:41am

Update:

John Deere now has a HackerOne program.

Currently the program is private but you can request access.

They do not have a bounty, just swag.

disclose · August 14, 2021, 8:45am

Checking back in on this - How did you go @sickcodes?

sickcodes · August 14, 2021, 8:48pm

Ended up speaking at DEF CON about this situation: