Bug Bounty Programme-UIDAI
 
Why in News?
On March 11, 2026, the Unique Identification Authority of India (UIDAI) officially launched its first structured Bug Bounty Programme.
 

About
  • Official Launch: The programme was announced to further fortify the security of the Aadhaar ecosystem, which is the cornerstone of India's digital identity.
  • Expert Panel Selection: A specialized panel of 20 experienced cybersecurity researchers and ethical hackers has been selected to probe key digital assets for vulnerabilities.
  • Strategic Partnership: The initiative is being implemented in collaboration with M/s ComOlho IT Private Limited, a cybersecurity solutions provider.
Scope and Targeted Assets
The programme invites researchers to identify and responsibly report security gaps in specific UIDAI digital platforms, including: 
  • Official UIDAI Website: The primary information hub for residents.
  • myAadhaar Portal: The interface used by citizens for various Aadhaar-related services.
  • Secure QR Code Application: The tool used for offline verification of Aadhaar data. 
Reward Structure
  • Severity-Based Payouts: Rewards are distributed based on the seriousness of the identified vulnerability.
  • Risk Categorization: Potential security gaps are classified into four categories: Critical, High, Medium, and Low risk.
  • Global Alignment: The payout model aligns with standard practices used by major global technology platforms to incentivize high-quality research. 
Eligibility and Selection Criteria
Participation is highly selective to ensure a "secure and authorized environment": 
  • Top-Tier Talent: Candidates must typically be listed in the top 100 of global bug bounty leaderboards (such as HackerOne or Bugcrowd) or have a proven track record with companies like Google, Microsoft, or Apple.
  • Vetting Process: Shortlisted researchers undergo background verification, which includes proof of Indian Citizenship and a signed Non-Disclosure Agreement (NDA).
  • Conflict of Interest: Current or former employees of UIDAI or its contracted technology support partners (within the last 7 years) are ineligible to participate. 
Objectives and Implementation
  • Proactive Defense: The goal is to move from reactive patching to a proactive strategy by identifying "hidden risks" before they can be exploited by malicious actors.
  • Layered Security: This programme serves as an additional layer of protection, complementing UIDAI's existing measures like regular security audits, vulnerability assessments, and continuous monitoring.
  • Triage and Validation: The partner, ComOlho IT, manages the submission process, validates findings, and facilitates communication between the "bounty hunters" and the UIDAI Tech Centre in Bengaluru.
