The Unique Identification Authority of India (UIDAI) has launched the ‘UIDAI Bug Bounty Program,’ and is inviting 20 top white hat hackers to identify any weaknesses in its security system, which protects 1.32 billion Indians Aadhaar data.
There has long been a request for such an operation, as numerous allegations have been made about security flaws in Aadhaar data. Such bug bounty programs are popular, and huge multinational corporations offer monetary remuneration in exchange for hackers reporting any system flaws. These initiatives enable businesses to close any gaps before a malicious actor exploits the vulnerability.
Terms and Conditions for UIDAI Bug Bounty Program
“The candidate should be listed in the top 100 of the bug bounty leaders board such as HackerOne, Bugcrowd or listed in the Bounty Programs conducted by reputable companies such as Microsoft, Google, Facebook, or Apple, etc.,” says the order which was released recently.
“Or the candidate should be active in the bug bounty community or programs and should have submitted valid bugs or received bounty in the last one year,” the order adds. They will need to sign a non-disclosure agreement with UIDAI and abide by its instructions. UIDAI has, interestingly, also said that the 20 hackers selected for the program “must have a valid Aadhaar number and be Indian residents”.
UIDAI Bug Bounty Program might be the first government bug bounty program implemented. The directive does not specify if the ethical hackers would be compensated for their efforts. However, they will be registered before being allowed on board.
The UIDAI Bug Bounty Platform has a limit of 20 participants to document the security flaws. To avert data breaches, the shortlisted applicants will sign non-disclosure agreements with the UIDAI. Existing and former agency personnel, however, have been barred from enrolling in the initiative. Individuals who have worked with the UIDAI through outsourced technology support and audit organizations in the last seven years will likewise be ineligible to participate in the program.
“In case more than 20 applications are received, then UIDAI reserves the right to evaluate and select top 20 suitable candidates, an independent committee shall be formulated to assess and verify the candidates’ credentials, past bug hunting records or references and citations,” the order says.
According to UIDAI, the applicant must be an individual or a group of individuals who are not working or associated with any organization and must engage in his or her individual capacity.
Interested people can check more details and register for the UIDAI Bug Bounty Program here – https://uidai.gov.in/bug-bounty.html