UIDAI Invites 20 Top Hackers To Expose Loopholes In Aadhaar’s System

The Unique Identification Authority of India (UIDAI) has announced a ‘Bug Bounty’ programme to figure out vulnerabilities in Aadhaar’s data security system.

In a circular, the government arm called for empanelment of 20 top white hat hackers to expose any vulnerabilities in its Central Identities Data Repository (CIDR). 

“In its endeavour to secure Aadhaar data hosted in UIDAI’s CIDR, UIDAI intends to conduct a ‘Bug Bounty’ program along with responsible disclosure of vulnerabilities,” the circular said.

Such initiatives are common and large multinational companies offer monetary compensation in lieu of hackers exposing any vulnerabilities in a system. These initiatives enable companies to plug any loopholes before a negative actor exploits the bug to exploit the weakness.

The circular, which was issued on July 13, did not mention any financial remuneration in lieu of the services.

Elaborating on the eligibility criteria, the UIDAI said that the candidates listed among the top 100 bug bounty leaders on websites such as HackerOne and Bugcrowd would be allowed to participate in the event. Additionally, candidates listed in the bounty programmes conducted by companies such as Microsoft, Google, Facebook and Apple can also participate in the event. 

Apart from that, applicants who have submitted valid bugs or received bounty in the last one year will also be eligible to participate in the initiative. 

The UIDAI has capped the number of participants at 20 to report on the vulnerabilities plaguing the system. The body will form a panel to evaluate the applicants and verify the candidate credentials, and select the candidates accordingly.

The selected candidates will sign non-disclosure agreements…