QNAP Reports 2025 Progress of Its Bounty Program, Advancing Product Security and Collaborative Defense
Strengthening sustainable cybersecurity through open collaboration and process optimization to protect user data
This is a Press Release edited by StorageNewsletter.com on December 26, 2025 at 2:00 pm
QNAP Systems, Inc. announced the annual progress of its 2025 QNAP Bounty Program, highlighting the company’s continued investment in product security and its commitment to transparent, structured collaboration with the global security research community.
Partnering with Global Security Research Community
As of December 1, 2025, QNAP has received 224 vulnerability reports through its Bounty Program. Verified issues were assigned CVE (Common Vulnerabilities and Exposures) IDs and addressed through the firm’s internal security response processes. All vulnerabilities classified as Critical or Important were remediated within one week, significantly reducing potential security exposure.
This year, 151 external security researchers contributed to strengthening QNAP product security. As of September, the company has awarded a total of US$88,000 in bounty rewards, recognizing responsible vulnerability disclosure and the research community’s role in improving user data protection. The firm will continue to promote a Coordinated Vulnerability Disclosure (CVD) culture and deepen long-term collaboration with the security ecosystem.
“Transparent reporting channels and close collaboration with the research community are fundamental to strengthening an organization’s security maturity,” said Stanley Huang, senior manager, Product Security Incident Response Team, QNAP.
Active Participation in Global Security Competitions and Professional Testing
To ensure products remain resilient against real-world threats, the company actively participates in international security competitions and 3rd-party security assessments, including:
- Pwn2Own 2024 and Pwn2Own 2025 — validating product defenses under high-intensity attack scenarios
- Public-sector vulnerability hunting programs — validating product security through structured testing and coordinated disclosure
- Red team penetration testing by leading security firms — simulating full attack chains to further strengthen the resilience of the QuTS hero NAS OS
These efforts not only broaden QNAP’s offensive and defensive security insights, but also accelerate the implementation of internal security improvements.
Process Optimization and Strengthened Security Governance
To build a more secure and transparent product development environment, the company has further enhanced key components of its Secure Software Development Lifecycle (SDLC), including:
- AI-assisted code review: Leveraging AI technologies to improve code review efficiency through automated vulnerability detection and reduced human error
- Establishment of a Software Bill of Materials (SBOM): Maintaining transparent visibility into software components to help organizations better manage supply chain risks and meet security compliance requirements
- Strengthened security across development and testing workflows: Integrating vulnerability detection into CI/CD automation to identify issues early, while utilizing professional scanning tools during QA/QC testing to ensure vulnerabilities are thoroughly identified and remediated prior to product release
Resource:
Information about QNAP Bounty Program and product security initiatives












