How Does QNAP Ensure Product Security?
QNAP implements multi-layered cybersecurity measures to ensure the NAS software environment remains safe and reliable:
- Software Transparency and SBOM Support
  - Maintains SBOMs for QNAP NAS software and applications to track and manage the composition of each product, providing transparency and reducing the risk from vendor-side vulnerabilities or insecure code. This approach helps ensure that all components are free from security concerns, enhancing overall software security.
  - Uses industry-standard SBOM formats (such as CycloneDX and SPDX) to improve compatibility and readability, streamlining the license review process and supporting compliance in sensitive industries.
  - Adopts Software Composition Analysis (SCA) in the product development process to detect vulnerabilities in open-source components, verify partner compliance with licensing, and manage and patch software versions.
  - Works with reputable upstream suppliers to design and maintain secure software products and services.
- Continuous Security Updates
  - Uses automated detection tools (such as SAST) to discover potential security vulnerabilities, and releases regular firmware and application updates to patch known issues.
  - Actively promotes a security bounty program that encourages cybersecurity experts and researchers to report potential issues, helping enhance the security of QNAP products and user data.
- Third-Party Security Audits and Compliance Certifications
  - Integrates the MITRE CVE database and the CISA KEV catalog, allowing QNAP to respond rapidly to zero-day vulnerabilities within 24 hours, identify affected products, and prioritize mitigation, ensuring immediate product security.
  - Regularly undergoes third-party cybersecurity audits and penetration testing to ensure products meet the latest security standards.
  - Complies with international cybersecurity standards such as ISO 27001.
- Follows a Software Development Life Cycle (SDLC) for the Internal Security Development Process
  - Employs multi-layered protection measures to secure the development environment, including physical and boundary controls, strict identity and access management, antivirus and intrusion detection systems, and security auditing and monitoring mechanisms.
  - Applies the 'Security by Design' principle, integrating security considerations into the entire development life cycle, from requirements gathering through architecture design to coding implementation.
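The two practices above that a practitioner can actually reproduce are keeping an SBOM in a standard format and cross-referencing it against CVE and KEV data to decide what to patch first. The following is an added illustration of that workflow, not QNAP's own tooling or data: it parses a small constructed CycloneDX-style SBOM, matches its components against a constructed advisory feed (the `CVE-XXXX-…` identifiers are placeholders, not real CVE numbers), and ranks the findings so that anything listed in a stand-in for the CISA KEV catalog is handled before everything else. The package names, versions and the `ADVISORIES`/`KEV_IDS` structures are all assumptions made up for the example.

```python
import json
from typing import Dict, List, Tuple

# Constructed, minimal CycloneDX-style SBOM for illustration (not a real QNAP SBOM).
SBOM_JSON = """
{
  "bomFormat": "CycloneDX",
  "specVersion": "1.5",
  "components": [
    {"type": "library", "name": "example-http", "version": "1.2.3",
     "purl": "pkg:generic/example-http@1.2.3"},
    {"type": "library", "name": "example-compress", "version": "4.0.1",
     "purl": "pkg:generic/example-compress@4.0.1"},
    {"type": "library", "name": "example-tls", "version": "3.1.0",
     "purl": "pkg:generic/example-tls@3.1.0"}
  ]
}
"""

# Constructed advisory feed standing in for a CVE data source.
# The identifiers are placeholders, not real CVE numbers.
ADVISORIES = [
    {"id": "CVE-XXXX-0001", "package": "pkg:generic/example-http",
     "affected_versions": ["1.2.2", "1.2.3"], "severity": "high"},
    {"id": "CVE-XXXX-0002", "package": "pkg:generic/example-compress",
     "affected_versions": ["4.0.0", "4.0.1"], "severity": "medium"},
    {"id": "CVE-XXXX-0003", "package": "pkg:generic/example-tls",
     "affected_versions": ["3.0.0"], "severity": "critical"},  # already fixed in 3.1.0
]

# Constructed stand-in for the CISA KEV catalog: ids known to be exploited in the wild.
KEV_IDS = {"CVE-XXXX-0002"}

SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}


def split_purl(purl: str) -> Tuple[str, str]:
    """Split 'pkg:type/name@version' into ('pkg:type/name', 'version')."""
    base, sep, version = purl.rpartition("@")
    if not sep:  # purl carries no version component
        return purl, ""
    return base, version


def load_components(sbom_json: str) -> Dict[str, str]:
    """Map each component's versionless purl to its installed version."""
    sbom = json.loads(sbom_json)
    if sbom.get("bomFormat") != "CycloneDX":
        raise ValueError("expected a CycloneDX document")
    components: Dict[str, str] = {}
    for comp in sbom.get("components", []):
        base, version = split_purl(comp["purl"])
        components[base] = version
    return components


def match_advisories(components: Dict[str, str], advisories: List[dict]) -> List[dict]:
    """Return one finding per advisory whose affected versions include the installed one."""
    findings = []
    for adv in advisories:
        installed = components.get(adv["package"])
        if installed is None or installed not in adv["affected_versions"]:
            continue  # component absent, or installed at an unaffected version
        findings.append({"id": adv["id"], "package": adv["package"],
                         "installed": installed, "severity": adv["severity"]})
    return findings


def prioritize(findings: List[dict], kev_ids: set) -> List[dict]:
    """KEV entries first (exploitation is confirmed), then by severity."""
    for f in findings:
        f["in_kev"] = f["id"] in kev_ids
    return sorted(findings,
                  key=lambda f: (not f["in_kev"], SEVERITY_RANK.get(f["severity"], 9)))


def triage(sbom_json: str = SBOM_JSON, advisories: List[dict] = ADVISORIES,
           kev_ids: set = KEV_IDS) -> List[dict]:
    """Full pipeline: SBOM -> matched advisories -> KEV-aware patch order."""
    return prioritize(match_advisories(load_components(sbom_json), advisories), kev_ids)


if __name__ == "__main__":
    for f in triage():
        flag = "KEV" if f["in_kev"] else "   "
        print(f"{flag} {f['id']} {f['severity']:<8} {f['package']}@{f['installed']}")
```

Exact-version matching is used here for clarity; a production SCA pipeline would evaluate version ranges from the advisory source and refresh the KEV list on a schedule. The third advisory produces no finding because the SBOM records a version that is not affected, which is the property an accurate SBOM gives you: triage on what is actually shipped rather than on package names alone.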