Govt launches bug bounty program for Aarogya Setu app
A reward of ₹1 lakh will be awarded for finding security vulnerabilities in the app.
The Indian government on Tuesday open sourced the code for the Android version of its Aarogya Setu app. In addition to opening its Covid-19 contact tracing app to the developer community, the government also announced a bug bounty program for the same.
“Government has also launched a Bug Bounty Programme with a goal to partner with security researchers and Indian developer community to test the security effectiveness of Aarogya Setu and also to improve or enhance its security and build user’s trust,” NITI Aayog CEO Amitabh Kant said while making the announcement.
As a part of the bug bounty program, the government will give a reward of ₹1 lakh to the developers for finding security vulnerabilities in the app. Additionally, the government will provide a reward of ₹1 lakh for code improvements.
The details of the bug bounty program will be available on the government’s My Gov website. However, at the time of writing this article, the website had not been updated.
As far as the source code of the Aarogya Setu app is concerned, Kant said that the source code for the Android version of the app will be available for review and collaboration of GitHub starting May 26. The government will release the source code for the iOS version of the app in the coming two weeks and the server code will be released subsequently.