Security is our first priority

Businesses face a challenge to offer secure access for a broader array of services and applications while guarding against increasingly sophisticated threats. Synology brings enhanced and comprehensive security solutions, allowing you to adapt more quickly to evolving technologies, business needs, and threats.

Synology PSIRT

The Synology Product Security Incident Response Team (PSIRT) is responsible for reacting to Synology product security incidents. The PSIRT manages the receipt, investigation, coordination, and public reporting of security vulnerability information regarding Synology products.

Fast security incident response

Security is our first priority. Upon receiving submissions about zero-day vulnerabilities, we make a preliminary assessment within eight hours, and fix any vulnerability within a day. A patch will be made available shortly after confirmation to keep all our products reliable and secure.

8hr

INVESTIGATING VULNERABILITIES

15hr

VULNERABILITIES
FIXED

24hr

RESPONSIVE EVENT HANDLING

Enhancing security together with FIRST

The Forum of Incident Response and Security Teams (FIRST) is the premier organization and recognized as the global leader in incident response. As a member of the FIRST, Synology's PSIRT can respond to security incidents more effectively and share our industry know-how to help set up more comprehensive security standards with world-leading partners.

CVE Numbering Authority

Synology is authorized as a CNA (CVE Numbering Authority) by the MITRE Corporation, a world-leading security institute. Entitled to assign CVE IDs to vulnerabilities affecting our own products, we are committed to advancing security solutions.

Engage with the hacker community with bounty programs

At Synology, we strive to build secure products that keep user information safe. Every year, we invite top hackers and external security researchers to contribute to the enhancement of our products’ security profile through bounty programs with rewards up to US$20,000. We also participate in hacking contests such as Pwn2Own and TienFuCup to let hacker teams verify our security measures. Our development teams are committed to releasing fixes for critical and OS related issues within 60 days.

2015 HITCON Hack2Own

2016 Private Invitation

2017 Bounty Program

2020 Pwn2Own

2021 Pwn2OwnTienFuCup

2022 Pwn2Own