UIDAI Begins Hunt for Top Hackers to Identify Bugs in Aadhaar Data Security

The  Unique Identification Authority of India (UIDAI) has invited 20 candidates from the top 100 bug bounty leader boards like HackerOne and Bugcrowd in its endeavour to secure Aadhaar data hosted in UIDAI’s Central Identities Data Repository (CIDR). 

The candidates could also be listed in the Bounty Programs conducted by reputable companies such as Microsoft, Google, Facebook, Apple etc.

Aadhaar is the world’s largest digital identity program that provides for good governance, efficient, transparent, and targeted delivery of subsidies, benefits and services to over 1.32 billion Indians. UIDAI consistently undertakes strategic security measures to strengthen its foundational security infrastructure for the secure and safe delivery of Aadhaar services.

The process

UIDAI will evaluate all the applications received and then select the top 20 candidates, in case the number of applications exceeds the given number.

“For the evaluation, an independent committee will be formulated by UIDAI to assess and verify the candidates’ credentials, past bug hunting records/references, citations etc.,”

reads the circular.

The criteria

The circular states the eligibility criteria as follows:

  • The candidate should not be associated with any organisation and should be an Indian resident with a valid Aadhaar number.
  • The candidate must not be a current or former employee of UIDAI or one of its contracted technology support and audit organisations for the past 7 years.
  • If the candidate is not in the top 100 bug bounty leader boards, then they should at least be active in the bug bounty community/programs and should have submitted valid bugs or received bounty in the last year.

The empanelled candidates are free to withdraw their participation and UIDAI has the right to replace them with another deserving candidate. If the candidate follows through, they will need to sign a Non Disclosure Agreement (NDA) with UIDAI and abide by the instructions.

Interested participants may submit their application to [email protected] including any queries that they may have. 

The payout for the program has not been revealed yet by UIDAI.