CERT-In

Delaying the inevitable: Implementation of CERT-In’s Cybersecurity Directions gets a piecemeal extension

CERT-In has extended the timeline for partial enforcement of Cyber Security Directions dated April 28, 2022. The timeline for enforcement of the directions by MSMEs and enforcement of Direction 5 (a) and (f) by entities mentioned in Direction 5 is September 25, 2022.

SnTHostings - a VPN, Seedbox and Root Server provider - urges MeitY to withdraw the unlawful CERT-In direction which will be effective from June 27, 2022

SnTHosting has addressed legal representation to MeitY seeking recall of the CERT-In Directions which mandate them to surveil their users and collect their personal data and make such data available to CERT-In on demand.

CERT-In Directions on Cybersecurity: An Explainer

On April 28, 2022, CERT-In issued directions aimed at strengthening India's cybersecurity. Issued without public consultations, these directions raise concerns related to state sponsored surveillance and data retention beyond need or purpose. We thus call on CERT-In to recall these directions.

Student data exposed on Andhra Pradesh Government Examination website!

tl;dr Sai Sravan Prabhala, a cyber-security researcher, informed us of a critical vulnerability exposing the sensitive personal information of minors. This existed on the website of the Directorate of Government Examinations, Government of Andhra Pradesh’s for the 2021 examinations. While this functionality itself has been removed, to prevent

Over to you MeitY: IFF's representation on CERT-In's Responsible Vulnerability Disclosure and Coordination Policy

CERT-In responded to our representation on the Responsible Vulnerability Disclosure and Coordination Policy and clarified that the Policy is following the existing provisions of the law. Therefore, now we ask MeitY to amend the law to provide a safe harbour for security researchers.