UIDAI Bug Bounty Program launched to expose vulnerabilities in Aadhaar’s Security System

    The Unique Identification Authority of India (UIDAI) has launched the ‘UIDAI Bug Bounty Program’ and is inviting 20 top white hat hackers to identify any weaknesses in its security system, which protects the Aadhaar data of 1.32 billion Indians.

    There has long been a request for such an operation, as numerous allegations have been made about security flaws in Aadhaar data. Such bug bounty programs are popular, and huge multinational corporations offer monetary remuneration in exchange for hackers reporting any system flaws. These initiatives enable businesses to close any gaps before a malicious actor exploits the vulnerability.

    Terms and Conditions for UIDAI Bug Bounty Program

    “The candidate should be listed in the top 100 of the bug bounty leaders board such as HackerOne, Bugcrowd or listed in the Bounty Programs conducted by reputable companies such as Microsoft, Google, Facebook, or Apple, etc.,” says the order which was released recently.

    “Or the candidate should be active in the bug bounty community or programs and should have submitted valid bugs or received bounty in the last one year,” the order adds. They will need to sign a non-disclosure agreement with UIDAI and abide by its instructions. UIDAI has, interestingly, also said that the 20 hackers selected for the program “must have a valid Aadhaar number and be Indian residents”.

    UIDAI Bug Bounty Program might be the first government bug bounty program implemented. The directive does not specify if the ethical hackers would be compensated for their efforts. However, they will be registered before being allowed on board.

    The UIDAI Bug Bounty Platform has a limit of 20 participants to document the security flaws. To avert data breaches, the shortlisted applicants will sign non-disclosure agreements with the UIDAI. Existing and former agency personnel, however, have been barred from enrolling in the initiative. Individuals who have worked with the UIDAI through outsourced technology support and audit organizations in the last seven years will likewise be ineligible to participate in the program.

    “In case more than 20 applications are received, then UIDAI reserves the right to evaluate and select top 20 suitable candidates, an independent committee shall be formulated to assess and verify the candidates’ credentials, past bug hunting records or references and citations,” the order says.

    According to UIDAI, the applicant must be an individual or a group of individuals who are not working or associated with any organization and must engage in his or her individual capacity.

    Interested people can check more details and register for the UIDAI Bug Bounty Program here –
