Report Vulnerabilities

To inform ASUSTOR of security vulnerabilities found in ASUSTOR products, please include as much information as possible, including, hardware model, ADM version, the name and version of apps where vulnerabilities exist, a description of vulnerabilities and complete steps to reproduce the vulnerability. When contacting ASUSTOR, it’s recommended to use the PGP encryption public key provided on this page to ensure the integrity and confidentiality of the email.

The ASUSTOR Security Team will analyze and investigate received information about security vulnerabilities affecting ASUSTOR products. Typically, ASUSTOR will acknowledge receipt of your report within three (3) business days, after which we will begin to investigate and verify the reported issue. Updates will be provided once every fourteen (14) calendar days. Once your report is reviewed and confirmed, ASUSTOR will then release a patch or an updated version of relevant software as necessary. The patch and updated version is generally released within ninety (90) business days after filing. Depending on the complexity of the issue, additional time may be required. A corresponding Security Advisory article will also be posted. All communications with ASUSTOR are confidential and information sent to ASUSTOR is protected. ASUSTOR does not request for nor disclose any personal information that can be used to identify you, including your identity, your work, devices you use or deployed.

To report security issues that affect ASUSTOR products, please use the below PGP key to encrypt your email message, and send it to security@asustor.com.

PGP Key Information

We recommend using the below PGP key to encrypt your email for reporting security vulnerabilities to ASUSTOR.

This email address cannot send out replies. To reduce reply timeframes, updates on reported security vulnerabilities are sent through an alternate email address. For tech support, visit our support center instead.