The Unique Identification Authority of India (UIDAI) has launched its first structured Bug Bounty Programme aimed at strengthening the security of the Aadhaar ecosystem.
The initiative invites cybersecurity experts and ethical hackers to identify potential vulnerabilities in UIDAI’s digital platforms and help improve the resilience of its systems.
Ethical Hackers to Test Aadhaar Digital Platforms
As part of the programme, UIDAI has selected 20 experienced security researchers and ethical hackers who will examine key digital assets of the Aadhaar ecosystem.
These include:
- The official UIDAI website
- The myAadhaar portal
- The Secure QR Code application
Participants will test these platforms to identify potential security vulnerabilities and report them through a responsible disclosure mechanism.
Rewards Based on Severity of Security Flaws
Under the bug bounty programme, reported vulnerabilities will be classified into four categories based on their severity:
- Critical
- High
- Medium
- Low
Researchers who successfully identify security weaknesses will receive rewards depending on the severity and impact of the vulnerabilities discovered.
UIDAI said the programme is designed to proactively detect and address potential security gaps before they can be exploited.
Collaboration with Cybersecurity Firm
The initiative is being implemented in collaboration with ComOlho IT Private Limited, which will assist in coordinating and managing the bug bounty programme.
The firm will help streamline communication between researchers and UIDAI while ensuring responsible reporting and evaluation of vulnerabilities.
Additional Layer of Digital Security
UIDAI noted that information security is critical in today’s increasingly digital ecosystem.
The authority already employs multiple security measures, including:
- Regular security audits
- Vulnerability assessments
- Penetration testing
- Continuous monitoring of digital systems
The bug bounty initiative will act as an additional layer of defence, enabling independent experts to detect hidden risks and improve the robustness of Aadhaar’s digital infrastructure.
Global Practice in Cybersecurity
According to the Ministry of Electronics and Information Technology, bug bounty programmes are widely used by leading global technology companies to strengthen cybersecurity.
By adopting a similar approach, the government aims to make India’s digital identity infrastructure more secure, resilient and future-ready.
