Aarogya Setu Source Code Open, Reward for Finding Security Flaws

14
Aarogya Setu Source Code Open, Reward for Finding Security Flaws

On Tuesday, the government on announced opening the source code of Aarogya Setu application. The Aarogya Setu is a coronavirus tracking app. The source code is made public for scrutiny by the developer community to address privacy concerns and launching a bug bounty programme for finding security flaws.
NITI Aayog CEO Amitabh Kant affirmed that no other government in the world has been open source at this scale.

Kant said that the construction of the application took place keeping in mind its transparency, security and privacy. Now, the Government has opened the source code, thus adhering to what it stands by.

Neeta Verma, Director General of National Informatics Centre said that there will be categories of rewards for people who find a bug in the app and come up with a suggestion to improve the programming of the app.

Four Categories For Rewards- Aarogya Setu

She added that a prize of Rs. 1 lakh dedicated to each of the three categories of securities vulnerability. She further said that the prize for code improvement bounty is Rs. 1 lakh.
With the app’s launching on April 2, it has 11.5 crore users up till now. Verma said that the source code of the application will be available after 12 am-midnight at Github.

Previously, the Government alleged by Advocacy groups that Aarogya Setu used for surveillance. A cybersecurity expert also made similar allegations that there are loopholes in the app.
After the made accusations, on May 11 the government issued guidelines for data processing of Aarogya Setu app users. It further added a few clauses that may lead to the imprisonment of persons found guilty of violating certain norms.

As per the new rules the app cannot store the data for more than 180 days. The app also enabled individuals with the feature of deleting their data from the government’s Aarogya Setu related record within 30 days of raising the request.
The new norms allow the collection of only demographic, contact, self-assessment and location data of persons infected by the coronavirus or those who come in contact with the infected person.

Source

Facebook Comments