Report Security Vulnerabilities of QNAP Products
We encourage developers and power users to report any potential or confirmed security vulnerabilities of QNAP products to the Security Response Team. Please use the below PGP encryption public key to encrypt your email message, and send it to security@qnap.com.
PGP Encryption Public Key
We recommend using the below PGP encryption public key to encrypt your email for reporting security vulnerabilities to QNAP.
Frequently-asked Questions
- When you’ve found security vulnerabilities within QNAP products.
- Seeking technical assistances (for example, how to set up NAS, system update and RMA requests)
- Reporting vulnerabilities that are already known to the public (for example, vulnerabilities already listed in the Security Advisory)
- Seeking technical assistance for installing patches published in response to security vulnerabilities
- Reporting vulnerabilities of products from other vendors, or asking for information on vulnerabilities of products from other vendors
- Reporting security vulnerabilities found on websites other than qnap.com
- Seeking advice on issues unrelated to product security
- Reporting malware found on mobile devices
For the above conditions, you should contact the QNAP Technical Support Team. The Technical Support Team can be reached at http://helpdesk.qnap.com/. If deemed necessary by the Technical Support Team, the case will be referred to the Security Response Team.
- To inform us of security vulnerabilities of QNAP products, please include as much information as possible, such as hardware model name, version of QTS/QES, the name and version of apps where vulnerabilities exist, a description of vulnerabilities and complete steps to reproduce the vulnerability. When contacting QNAP, it is recommended to use the PGP encryption public key provided on this page to ensure the integrity and confidentiality of the email.
- The QNAP Product Security Incident Response Team will thoroughly analyze and investigate received information. Typically, we will acknowledge receipt of your report within three (3) working days, after which we will begin to investigate and verify the issue you reported. Once your report is reviewed and confirmed by QNAP, QNAP will then release a patch (Qfix) or an updated version of relevant software as necessary. The patch and updated version is generally released within ninety (90) days after you file the report, however, depending on the complexity of the issue, additional time may be required. A corresponding Security Advisory article will also be posted. We will never forward email correspondences or your email address to third parties. We also will not request for or disclose any personal information that can be used to identify you, including your identity, your work, machines you use or configurations you deployed.
Kullanıcıların siber suçlar tarafından saldırıya uğrama olasılığını azaltmak için QNAP, yamalar yayınlamadan veya güvenlik uyarıları yayınlamadan önce güvenlik açıklarının varlığını önceden duyurmayacaktır. Kullandığınız QNAP ürünlerinin ağ güvenliğini sağlamak için lütfen QNAP'ın önerilerini takip edin. Benimsediğiniz QNAP hizmetleri için lütfen QNAP web sitesinden güvenlik yamalarını ve güvenlik tavsiyelerini alın ve yazılımı zamanında ve düzenli olarak güncelleyin. QNAP ayrıca en son ürün güvenliği haberlerini almak için güvenlik tavsiyelerine abone olmanızı önerir.
Müşteri mahremiyeti için QNAP, bir soruşturma yapılana veya yama yada sürümler genel olarak mevcut olana kadar güvenlik sorunlarını açıklamaz, tartışmaz veya onaylamaz.
