Synology Inc. is now authorised as a CNA (CVE Numbering Authority) by MITRE Corporation. Synology is the first vendor of Taiwan to participate in this program. There are 62 participating CNAs as of June 2017, all of them are the leading enterprises in the specific fields. Synology can now assign CVE identifiers to vulnerabilities found in Synology products regardless of whether the issues have been disclosed by Synology itself or third-party experts.

“It has always been our top priority to ensure the security of our products and services. Nowadays, we can see Synology users all around the world, the number of which has also been increasing dramatically. Synology is the first company of Taiwan that receives certification of CVE (Common Vulnerabilities and Exposures). It does not only demonstrate the extent to which we value Synology users, but also how far we have advanced in line with first-class major manufacturers in this field with our R&D resources,” said Vic Hsu, the CEO of Synology Inc. Designated as a CNA, we are capable of assigning the CVE IDs of our own Synology vulnerabilities. Synology provides enhanced and comprehensive security solutions, allowing your NAS to adapt more quickly to evolving technology, business needs, and sophisticated threats.

Businesses are challenged to offer secure access to a broader array of services and applications while guarding against increasingly sophisticated threats. Synology is committed to improving cyber security. Upon receiving a vulnerability submission, we will make a preliminary assessment within 8 hours, and fix any vulnerability within a day. A patch will be available within a short period of time after confirmation. We ensure the products you have is secure and reliable all the time.
Synology also holds bounty programs every year and invites top hackers to enhance the security of Synology products. Keeping user information safe and building a more secure product are our mission. We welcome the contribution of external security researchers and look forward to awarding them for their invaluable contribution to the security of all Synology users.
About CVE

Common Vulnerabilities and Exposures (CVE®) is a dictionary of common names (i.e., CVE Identifiers) for publicly known cybersecurity vulnerabilities. CVE’s common identifiers make it easier to share data across separate network security databases and tools, and provide a baseline for evaluating the coverage of an organisation’s security tools. CVE is maintained by MITRE Corporation that is American not-for-profit organisation based in Bedford, Massachusetts, and McLean, Virginia. It manages Federally Funded Research and Development Centers (FFRDCs) supporting several U.S. government agencies. For more information on MITRE Corporation, please visit the MITRE official web page.