QNAP® Systems, Inc. announced that the company has been designated as a Common Vulnerability and Exposure (CVE) Numbering Authority (CNA) by MITRE Corporation, an international non-for-profit security institute. Effective immediately, QNAP is entitled to assign CVE IDs for security vulnerabilities in its products and will receive security alerts from around the world. From proactively investigating vulnerabilities, releasing timely security updates, to publicly disclosing issues, QNAP aims to provide users with the most secure and reliable storage and backup solution to protect their valuable digital assets.
“By participating in the CNA, QNAP demonstrates the determination to provide enhanced data security. We are committed to providing not only high-performance and high-reliability hardware and software, but are dedicated to helping users safeguard their data,” said Meiji Chang, General Manager of QNAP. “In the face of near-constant cyber security threats in today’s interconnected world, QNAP will continuously monitor potential threats and make necessary fixes, so that our users can use their QNAP NAS with greater peace of mind,” Chang added.
The QNAP Cyber Security Team will allocate more resources hereafter and take the initiative to detect potential vulnerabilities, perform in-depth analysis, and provide timely updates to mitigate the threat of malicious software attacks. We advise all our users to regularly check the QNAP Security Advisory page and subscribe to the Security Advisory newsletter to ensure they have the latest updates. QNAP also encourages users to report security breaches at any time to help improve the security of QNAP products.
QNAP is dedicated to data security and received ISO 27001:2013 certification for an information security management system (ISMS) in 2014, ensuring its products meet the most stringent global security requirements.
About CVE Numbering Authorities
CVE Numbering Authorities (CNAs) are major OS vendors, security researchers, and research organizations that assign CVE IDs to newly-discovered issues without directly involving MITRE in the details of the specific vulnerabilities, and include the CVE IDs in the first public disclosure of the vulnerabilities.