Unveiling the Bounty
In a significant move to bolster the security of India's vast Aadhaar identity system, the Unique Identification Authority of India (UIDAI) initiated its
inaugural structured Bug Bounty Programme in March 2026. This proactive initiative brought together twenty leading cybersecurity experts and ethical hackers, tasking them with rigorously scrutinizing the digital infrastructure that supports Aadhaar. Their crucial role involves identifying and reporting any potential flaws or vulnerabilities present in key platforms such as the official UIDAI website, the user-friendly myAadhaar portal, and the Secure QR Code application. By engaging these specialized professionals, UIDAI aims to leverage external expertise to detect and rectify security gaps, thereby ensuring the integrity and protection of the massive amount of sensitive identity data managed by the system.
Rewards and Responsibility
The Bug Bounty Programme operates on a clear framework for reporting and rewarding discovered issues. Security researchers are required to categorize any identified bugs based on their severity, assigning them to risk levels including critical, high, medium, or low. The UIDAI then evaluates these findings, determining the appropriate reward for each reported vulnerability based on its impact and seriousness. A fundamental tenet of this program is responsible disclosure; all discovered issues must be reported exclusively through designated official channels. Participants are strictly prohibited from publicly disclosing or exploiting any bugs before they have been reported and addressed, ensuring that the process prioritizes security and prevents potential misuse of information.
Strategic Partnership for Security
To ensure the efficient and effective execution of its Bug Bounty Programme, the UIDAI has forged a strategic partnership with ComOlho IT Private Limited. This collaboration serves as an essential component in UIDAI's ongoing commitment to maintaining robust digital security. The alliance is designed to complement and enhance the existing security measures already in place, such as regular audits and continuous monitoring of its systems. By integrating this external expertise and structured bug hunting process, UIDAI aims to create an additional, robust layer of defense, reinforcing the security posture of its critical digital platforms and assuring citizens that their Aadhaar data remains protected against evolving cyber threats.
