Synology today announced a collaboration with TEAM.ENVY, a renowned security research organization, to enhance the security of Surveillance Station.
Since establishing the Security Bounty Program in 2019, Synology has worked with over 200 security experts and organizations in strengthening product security. In November 2023, TEAM.ENVY reported potential security vulnerabilities in Surveillance Station through this program. Synology promptly initiated the verification and incident response processes, patched the vulnerabilities and released a security update, preventing any exploitation from occurring.
"We thank TEAM.ENVY for their collaboration," stated Han-En Lin, Manager of Synology Product Security Incident Response Team. "Our Security Bounty Program enables us to work with world-class cybersecurity researchers and white-hat hackers to identify and fix vulnerabilities before they can be exploited by malicious actors, ensuring the security of our customers' most valuable assets, their data."
"We highly appreciate Synology's investment in security and their commitment to working with the international cybersecurity community. We hope more companies will follow Synology's lead in collaborating with cybersecurity experts and investing in product security." TEAM.ENVY commended.
As all reported vulnerabilities were fixed in March 2024, TEAM.ENVY plans to publish the technical details in August 2024 at DEFCON for academic research and exchange purposes. Synology urges users to update Surveillance Station to version 9.2.0 or above to ensure system security.
For more information, please refer to Synology Product Security Advisory: https://sy.to/teamenvypr