Taiwan-based QNAP Systems has announced that it is offering rewards of up to $20,000 for vulnerabilities reported through its newly launched bug bounty program.
QNAP, which is known for its network-attached storage (NAS) and professional network video recorder (NVR) solutions, also makes various types of networking equipment.
Security researchers interested in joining QNAP’s program can hunt for vulnerabilities in the company’s applications, cloud services, and operating systems.
Rewards of up to $20,000 are offered for operating system vulnerabilities, while for applications and cloud services researchers can earn a maximum of $10,000 and $5,000, respectively.
Submitted reports, the company says, may qualify for a reward if they do not describe previously reported security defects, if the researcher has not publicly shared details about the flaw, and if the described issue can be replicated and validated by QNAP’s security team.
The manufacturer also notes that higher bounties may be awarded for clear, well-written reports that also include detailed instructions and proof-of-concept (PoC) code, along with suggestions on how the bug should be fixed.
“The reward is determined by the complexity of successfully exploiting the vulnerability, the potential exposure, and the percentage of impacted users and systems,” the company says.
According to QNAP, while only released applications, cloud services, and operating systems are within the program’s scope, rewards may be paid out for critical vulnerabilities that are out-of-scope.
Additional information on the scope and terms of the program can be found on QNAP’s website.
QNAP has provided a PGP public key that interested security researchers can use to encrypt emails containing vulnerability submissions.
Related: Critical QNAP Vulnerability Leads to Code Injection
Related: QNAP Warns of New ‘Deadbolt’ Ransomware Attacks Targeting NAS Users

More from Ionut Arghire
- Ransomware Gang Publishes Data Allegedly Stolen From Maritime Firm Royal Dirkzwager
- Zoom Paid Out $3.9 Million in Bug Bounties in 2022
- Malicious NuGet Packages Used to Target .NET Developers
- Google Pixel Vulnerability Allows Recovery of Cropped Screenshots
- Millions Stolen in Hack at Cryptocurrency ATM Manufacturer General Bytes
- NBA Notifying Individuals of Data Breach at Mailing Services Provider
- Adobe Acrobat Sign Abused to Distribute Malware
- Latitude Financial Services Data Breach Impacts 300,000 Customers
Latest News
- Verosint Launches Account Fraud Detection and Prevention Platform
- Ransomware Gang Publishes Data Allegedly Stolen From Maritime Firm Royal Dirkzwager
- Zoom Paid Out $3.9 Million in Bug Bounties in 2022
- Oleria Scores $8M Seed Funding for ID Authentication Technology
- Exploitation of 55 Zero-Day Vulnerabilities Came to Light in 2022: Mandiant
- News Analysis: UK Commits $3 Billion to Support National Quantum Strategy
- Malicious NuGet Packages Used to Target .NET Developers
- Google Pixel Vulnerability Allows Recovery of Cropped Screenshots
