Security is our first priority

Businesses face a challenge to offer secure access for a broader array of services and applications while guarding against increasingly sophisticated threats. Synology brings enhanced and comprehensive security solutions, allowing you to adapt more quickly to evolving technologies, business needs, and threats.

Synology PSIRT

The Synology Product Security Incident Response Team (PSIRT) is responsible for reacting to Synology product security incidents. The PSIRT manages the receipt, investigation, coordination, and public reporting of security vulnerability information regarding Synology products.

Fast security incident response

Security is our first priority. Upon receiving submissions about zero-day vulnerabilities, we make a preliminary assessment within eight hours, and fix any vulnerability within a day. A patch will be made available shortly after confirmation to keep all our products reliable and secure.

8hr

INVESTIGATING VULNERABILITIES

15hr

VULNERABILITIES
FIXED

24hr

RESPONSIVE EVENT HANDLING

Enhancing security together with FIRST

The Forum of Incident Response and Security Teams (FIRST) is the premier organization and recognized as the global leader in incident response. As a member of the FIRST, Synology's PSIRT can respond to security incidents more effectively and share our industry know-how to help set up more comprehensive security standards with world-leading partners.

CVE Numbering Authority

Synology is authorized as a CNA (CVE Numbering Authority) by the MITRE Corporation, a world-leading security institute. Entitled to assign CVE IDs to vulnerabilities affecting our own products, we are committed to advancing security solutions.

Engage with the hacker community with bounty programs

At Synology, we strive to build secure products that keep user information safe. We invite top hackers and external security researchers to help enhance our products’ security through yearly bounty programs with rewards up to US$20,000. We also participate in hacking contests such as Pwn2Own and TienFuCup to let hacker teams verify our security measures. Our development teams are committed to releasing fixes for critical and OS related issues within 60 days.

2015 HITCON Hack2Own

2016 Private Invitation

2017 Bounty Program

2020 Pwn2Own

2021 Pwn2OwnTienFuCup

2022 Pwn2Own

Synology Vulnerability Response Policy

This white paper outlines Synology’s approach to security and policy compliance for Synology DiskStation Manager (DSM).

Learn more

Self-protection against ransomware

Aware of the rampant malware problem, Synology introduces powerful security measures such as Snapshot Replication and Security Advisor, and offers regular security updates to defend users against potential threats.

Learn more

Synology Product Security Advisory

Dedicated to customer safety and the ongoing safety of our products, Synology will take immediate measures once potential vulnerabilities are discovered by internal tests, researchers, or customers.

Learn more

DSM security

DSM offers advanced security measures to safeguard businesses against malicious attacks, protecting your critical digital assets and ensuring 24/7 operation.

Learn more