Johnson Controls MITRE partnership drives product security transparency

Johnson Controls is now a Common Vulnerability and Exposures (CVE) Numbering Authority (CNA). Through the CVE program, the non-profit group MITRE ensures that application vulnerabilities are uniquely identified and accurately reported. As a CNA, Johnson Controls will assign numbers to vulnerabilities and exposures identified in its products. Cybersecurity scanning tools use CVE numbers to help customers identify and manage vulnerabilities within their infrastructure. Using unique CVE identifiers, customers and stakeholders across the cybersecurity community can remain informed of vulnerabilities and how to address them.

“This is an important step forward for our product cybersecurity program in becoming increasingly transparent with our customers and stakeholders,” says Steve Brukbacher, director, product security operations, Johnson Controls. “By participating in this program, we are reducing the time between vulnerability discovery and remediation, which helps reduce risk in a meaningful way for our customers. In addition, it demonstrates our ongoing commitment to protect customers and their buildings.”

Johnson Controls tracks, identifies and proactively addresses ever-evolving cybersecurity threats every day – it’s a top priority. This commitment is reflected in our technology innovations and continual product development to keep building management systems, IT infrastructures, and connected equipment secure. To learn more about our approach to cybersecurity, please visit our website at https://www.johnsoncontrols.com/cyber-solutions.