Moneycontrol PRO
Open App
Upcoming Event : Traders Conclave 2022 | India's Largest Retail Stock Investors & Traders Residential Conclave
you are here: HomeNewsIndia

Aarogya Setu Bug Bounty programme: Here's all you need to know

Security researchers or developers who identify vulnerabilities or loopholes in the Aarogya Setu app and bring it to the notice of the government can now win a reward of up to Rs 3 lakh.

May 27, 2020 / 07:28 PM IST

Any security researcher or developer who identifies vulnerabilities or loopholes in the Aarogya Setu app and brings it to the notice of the government can now win a reward of up to Rs 3 lakh.

The Aarogya Setu Bug Bounty Programme

In the latest move to enhance the quality of its COVID-19 contact tracing app, the government has launched the Aarogya Setu Bug Bounty Programme. Under this, members of the Indian developer community or users of the app stand a chance to win cash prizes ranging between Rs 1 lakh to Rs 3 lakh, depending upon the nature of the security flaw they identify in the app, or suggestions put forth for improvement in its source code.

The idea behind eliciting people's participation is to join hands with security researchers, developers and users to further bolster the security effectiveness of the app.

How to make a 'responsible disclosure' to report a flaw 


COVID-19 Vaccine

Frequently Asked Questions

View more
How does a vaccine work?

A vaccine works by mimicking a natural infection. A vaccine not only induces immune response to protect people from any future COVID-19 infection, but also helps quickly build herd immunity to put an end to the pandemic. Herd immunity occurs when a sufficient percentage of a population becomes immune to a disease, making the spread of disease from person to person unlikely. The good news is that SARS-CoV-2 virus has been fairly stable, which increases the viability of a vaccine.

How many types of vaccines are there?

There are broadly four types of vaccine — one, a vaccine based on the whole virus (this could be either inactivated, or an attenuated [weakened] virus vaccine); two, a non-replicating viral vector vaccine that uses a benign virus as vector that carries the antigen of SARS-CoV; three, nucleic-acid vaccines that have genetic material like DNA and RNA of antigens like spike protein given to a person, helping human cells decode genetic material and produce the vaccine; and four, protein subunit vaccine wherein the recombinant proteins of SARS-COV-2 along with an adjuvant (booster) is given as a vaccine.

What does it take to develop a vaccine of this kind?

Vaccine development is a long, complex process. Unlike drugs that are given to people with a diseased, vaccines are given to healthy people and also vulnerable sections such as children, pregnant women and the elderly. So rigorous tests are compulsory. History says that the fastest time it took to develop a vaccine is five years, but it usually takes double or sometimes triple that time.

View more

If one is able to identify security or privacy-related flaws, the same should be notified exclusively to The subject line must read as Security Vulnerability Report. The team of the Aarogya Setu app will then verify the vulnerability (if any) and accordingly take action to fix it.

This method has to be followed in order to qualify as a 'responsible disclosure'. Only those who make such 'responsible disclosures' will be eligible for the rewards.

Other eligibility requirements 

The vulnerability must be a 'qualifying vulnerability' as detailed in the programme document. The same should not have been publicly disclosed by the individual, prior to the government's resolution.

The individual (researcher) or company reporting the vulnerability or code improvements should not be employed with or working for the Aarogya Setu Project or related initiatives. Employees (including their family members) of the National Informatics Centre (NIC) and the Ministry of Electronics and Information Technology (MeitY) and its constituent organisations are also not eligible.

All submissions should have a written undertaking stating that the author/authors of the submission have read and understood the Aarogya Setu Bug Bounty Programme document and that they adhere to all the clauses mentioned in the document.

Who can participate and win rewards

The programme is open to only those residing in India. People residing outside the country are also allowed to make submissions under the bug bounty programme, but there will be no cash rewards for them.

Submissions can be made either by individuals or in a group of not more than 5 or in the name of an organisation.

The Bug Bounty programme is open from 00:00 hrs on May 27 to 23:59 hrs on June 26, 2020. Only entries received between this period shall be eligible to be considered for the rewards.
Invite your friends and family to sign up for MC Tech 3, our daily newsletter that breaks down the biggest tech and startup stories of the day

Moneycontrol News
first published: May 27, 2020 06:46 pm
ISO 27001 - BSI Assurance Mark