Find a Bug in the Aarogya Setu App or Suggest Improvements [Aarogya Setu Bug Bounty Programme]: An Opportunity to Be a Bounty Hunter

The Aarogya Setu app is the weapon every Indian has right now to fight against the COVID-19 pandemic. The app was developed by the Government of India to protect the citizens of India from getting infected by COVID-19. Basically, if an infectious person comes near a user, the app notifies the user and shows the risk posed by that person. In addition, the app provides best practices and relevant advisories pertaining to the containment of COVID-19.

Important Notice: This bug bounty program is open from 00:00 hrs 27-May-2020 to 23:59 hrs 26-June-2020. Only entries received during this period shall be considered for the reward. The participation link is given at the end of this post.

An opportunity for Indian developers: Aarogya Setu's open-source code is up for analysis on GitHub for developers to grab, and it's a way for the government to lay to rest any privacy concerns that people may have.




The Government of India is committed to the protection of users' privacy, data, supporting systems and network security through a coordinated and constructive approach designed to drive the best possible protection for our citizen data.


The AarogyaSetu application is developed keeping in mind the "Privacy by design" principle. Despite the best measures taken, vulnerabilities may exist. When such vulnerabilities are found, the Government would like to learn of them as soon as possible, allowing it to take swift action to fix them and thereby enhance security. In addition to security, suggestions for code changes for enhanced efficiency are also encouraged.


AarogyaSetu's Bug Bounty Programme has been prepared with the goal of partnering with security researchers and the Indian developer community to test the security effectiveness of AarogyaSetu, to improve or enhance its security, and to build users' trust.


HOW THE PROGRAM WILL WORK

  1. The Aarogya Setu production build of the Android app, followed by the iOS app, along with API documentation, will be made available to the open-source research community.
  2. Everyone, including researchers and users of Aarogya Setu, is encouraged to report any vulnerability impacting the privacy and information security posture of the Aarogya Setu application.
  3. Security or privacy related flaws discovered by security researchers should be reported to as-bugbounty@nic.in only, with the subject line: Security Vulnerability Report, so that the Aarogya Setu team can first verify the vulnerability (if any) and take action to fix it. Doing so will be called 'responsible disclosure', and only such responsible disclosures shall be eligible for rewards.
  4. Any improvements to the source code of Aarogya Setu can also be reported to as-bugbounty@nic.in, with the subject line: Code Improvement.
  5. Security researchers will document their findings thoroughly, providing steps to reproduce, and send the report to us at as-bugbounty@nic.in. Reports with complete vulnerability details, including screenshots or video of the POC, are essential for being eligible for a reward.
  6. The Aarogya Setu team will contact the researchers to confirm that we've received the report and trace the steps to reproduce the research.
  7. The Aarogya Setu team will notify the researcher of remediation and may reach out with questions or for clarification.
  8. The Aarogya Setu team will work to make the necessary improvements and remediation to fix the vulnerability.
  9. Only those submissions that meet the following eligibility requirements and the Rules mentioned in Section 5.0 may receive a reward:
    • The vulnerability must be a qualifying vulnerability (see Scope).
    • The security researcher may not publicly disclose the vulnerability prior to our resolution.
    • The researcher/company reporting the vulnerability/code improvements should not be employed by or working for the Aarogya Setu Project or its related activities/initiatives.
    • Employees (including their family members) of the National Informatics Centre (NIC) and the Ministry of Electronics & IT (MeitY) and its constituent organizations are not eligible.
    • All submissions sent to as-bugbounty@nic.in should have a written undertaking stating that the author/authors of the submission have read and understood the 'Aarogya Setu Bug Bounty Programme' document and that they adhere to all the clauses mentioned in the document.

PARTICIPATE NOW




For more details on this and other programs of this kind, please visit https://innovate.mygov.in/.
