National Informatics Center (NIC) has set up nationwide ICT infrastructure for Central Government, State Government, Union Territory Administration, and other government bodies including the districts. Their services range from creating and maintaining government websites to maintaining and setting up data centers and the cloud system to name a few. All these services play an important role in delivering citizen-centric services.
As NIC has the responsibility to maintain such vast technological infrastructure, the possibility of bugs and vulnerabilities being present in the system also increases.
NIC has recognized this possibility and created a Responsible Vulnerability Disclosure Program so that bugs and vulnerabilities can be quashed and fixed and the confidential information remains confidential.
When I learned about this program I was elated to find bugs and submit reports because just like any other citizen I too want freedom and along with that privacy while browsing the internet.
But after submitting a couple of reports and getting acknowledgment from the NIC team in 2-3 business days, I believed that they would fix the bugs and vulnerabilities in a month or max to max in two months time, but even after 4 months time, I observed that they failed to fix those vulnerabilities. As a cybersecurity researcher, this did not only personally demoralize me from finding bugs but also made me question the effectiveness of the NIC team in safeguarding our information and if India is prepared to ward off any mass cyberattacks.
This first-hand experience has also instilled a fear inside me and now I am hesitant in uploading any type of data or document on any government portal or website because I always assumed that the information which I am providing to the Government will be stored with maximum security and they would be prioritizing national security the most.
I would love to know from this community if they have experienced anything similar and to gain insights as to how we can solve this problem.
P.S: I am new to the community and this is my first post and I am still learning how this forum works so please forgive me if I made any mistake while writing this post. Thank you