Security is our first priority
Businesses face a challenge to offer secure access for a broader array of services and applications while guarding against increasingly sophisticated threats. Synology brings enhanced and comprehensive security solutions, allowing you to adapt more quickly to evolving technologies, business needs, and threats.
Watch Video
Synology PSIRT
The Synology Product Security Incident Response Team (PSIRT) is responsible for reacting to Synology product security incidents. The PSIRT manages the receipt, investigation, coordination, and public reporting of security vulnerability information regarding Synology products.
Fast security incident response
Security is our first priority. Upon receiving submissions about zero-day vulnerabilities, we make a preliminary assessment within eight hours, and fix any vulnerability within a day. A patch will be made available shortly after confirmation to keep all our products reliable and secure.
Completed 8 hours of vulnerability investigation and 15 hours of vulnerability remediation within 24 hours, demonstrating prompt and efficient incident response capabilities.
8hr
Investigating vulnerabilities
15hr
Vulnerabilities fixed
24hr
Responsive event handling
Commitment to global security standards
Enhancing security together with FIRST
The Forum of Incident Response and Security Teams (FIRST) is the premier organization and recognized as the global leader in incident response. As a member of the FIRST, Synology's PSIRT can respond to security incidents more effectively and share our industry know-how to help set up more comprehensive security standards with world-leading partners.
CVE Numbering Authority
Synology is authorized as a CNA (CVE Numbering Authority) by the MITRE Corporation, a world-leading security institute. Entitled to assign CVE IDs to vulnerabilities affecting our own products, we are committed to advancing security solutions.
Engaging with the hacker community
At Synology, we strive to build secure products that keep user information safe. Every year, we invite top hackers and external security researchers to contribute to the enhancement of our products’ security profile through bounty programs with rewards up to US$20,000. We also participate in hacking contests such as Pwn2Own and TienFuCup to let hacker teams verify our security measures. Our development teams are committed to releasing fixes for critical and OS related issues within 60 days.
2024
Pwn2Own
2023
Pwn2Own
2022
Pwn2Own
2021
Pwn2Own
TienFuCup
2020
Pwn2Own
2017
Bounty Program
2016
Private Invitation
2015
HITCON Hack2Own
More about Synology’s approach to security
Synology Vulnerability Response Policy
This white paper outlines Synology’s approach to security and policy compliance for Synology DiskStation Manager (DSM).
Learn more
Self-protection against ransomware
Aware of the rampant malware problem, Synology introduces powerful security measures such as Snapshot Replication and Security Advisor, and offers regular security updates to defend users against potential threats.
Learn more
Synology Product Security Advisory
Dedicated to customer safety and the ongoing safety of our products, Synology will take immediate measures once potential vulnerabilities are discovered by internal tests, researchers, or customers.
Learn more
DSM security
DSM offers advanced security measures to safeguard businesses against malicious attacks, protecting your critical digital assets and ensuring 24/7 operation.
Learn more