UIDAI launches program to identify, block vulnerabilities in Aadhaar biometric database
A bug bounty program whose objective is to enhance security around the Central Identities Data Repository (CIDR) – the database holding biometric information of over 1.3 billion Aadhaar card holders – has been launched by the Unique Identification Authority of India (UIDAI).
In cyber security, a bug bounty program is a process by which individuals, usually ethical hackers, are compensated to identify bugs and vulnerabilities in order to avoid widespread data security breaches.
As CNBC TV18 reports, the UIDAI is looking for 20 bug finders with experience in bounty programs with some of the big tech giants such as Apple, Google, Facebook and Microsoft. However, they should be individuals with no affinity to any organization and must have an Aadhaar number, adds the report.
A committee has been set up to evaluate the profiles of the candidates, according to a UIDAI circular quoted by CNBC TV18. Things the committee will be looking out for include the candidates’ credentials, experience and record in bug hunting as well as citations of their work.
The 20 candidates will be selected from a pool of 100 applicants.
The UIDAI circular also prescribes that applicants should, among other things, not be employees of UIDAI or any of their contracted partners. They should be a member of the top 100 bug bounty boards in the world, must be ready to sign a non-disclosure agreement so as not to reveal any sensitive information they may come across, and must adhere to other instructions that will be given them.
Payment details for the bounty program have not been divulged.
UIDAI says the bug bounty program is part of its continuous efforts in strengthening the security of the Aadhaar biometric system.
The strong points of the Aadhaar were highlighted during the recent Digital India Week, while an earlier audit report points to some of the shortcomings of the system which need improvement.
Article Topics
Aadhaar | biometric database | biometrics | bug bounty | data protection | government services | India | research and development | UIDAI
Comments