UIDAI is looking for 20 top hackers to help find vulnerabilities in its security system, which protects the Aadhaar data of 1.32 billion Indians.
The Unique Identification Authority of India (UIDAI) is looking for 20 top hackers to help find vulnerabilities in its security system, which protects the Aadhaar data of 1.32 billion Indians. Such activity was long-awaited, and the government is referring to it as a “bug bounty programme”, as reported by News18. The publication said that it accessed an order issued by the UIDAI on July 13.
With this programme, the government wants top hackers to closely look into the Aadhaar data security system and spot loopholes if any. The 20 selected individual hackers will be given the chance to study the UIDAI’s Central Identities Data Repository (CIDR), which stores Aadhaar data of 1.32 billion Indians. UIDAI said that the idea is to secure Aadhaar data hosted in the CIDR, “along with responsible disclosure of vulnerabilities”.
UIDAI hasn’t revealed if these ethical hackers will be paid for the exercise or not. But, the government body clearly mentioned that none of the candidates should be current or former employees of UIDAI or even its contracted technology support and audit organisations in the past seven years.
The order stated that “the selected candidate should be listed in top 100 of the bug bounty leaders board such as HackerOne, Bugcrowd or listed in the Bounty Programs conducted by reputable companies such as Microsoft, Google, Facebook, or Apple etc.” “The candidate should be active in the bug bounty community or programs and should have submitted valid bugs or received bounty in the last one year,” the order also noted.
The order mentioned that these hackers will need to sign a non-disclosure agreement with UIDAI and abide by its instructions. UIDAI also added that the 20 hackers selected for the programme “must have a valid Aadhaar number and be Indian residents”.
UIDAI said that if it receives more than 20 applications, the agency reserves the right to evaluate ad shortlist 20 top candidates. “In case more than 20 applications are received, then UIDAI reserves the right to evaluate and select top 20 suitable candidates an independent committee shall be formulated to assess and verify the candidates’ credentials, past bug hunting records or references and citations,” the order stated.