CBSE Drops Vendor After IIT Experts Find Security Flaws

The Central Board of Secondary Education (CBSE) has dropped its third-party vendor for the On-Screen Marking (OSM) system following reports of serious security gaps ^[1].

This shift follows a security review by experts from IIT Kanpur and IIT Madras, who identified vulnerabilities that could compromise student data. The board's decision to abandon the external contractor reflects the critical nature of digital examination integrity and the risks associated with outsourced academic infrastructure [1, 2].

According to the board, the security flaws were exposed using AI tools ^[1]. These vulnerabilities raised significant concerns regarding the safety of sensitive student information, and the overall reliability of the re-evaluation process. In addition to the technical failures, there were allegations of irregularities regarding the tendering process used to select the vendor [1, 2].

CBSE said it would penalize the contractor for these failures ^[2]. The board is now transitioning to an in-house re-evaluation portal to ensure better oversight and security of the marking process ^[2]. This move aims to eliminate the risks associated with third-party access to the board's internal data and marking workflows.

The transition to an internal system follows the identification of technical flaws that could have allowed unauthorized access to the portal ^[1]. By bringing the portal in-house, the board intends to establish a more secure environment for the re-evaluation of student scripts, reducing the likelihood of external breaches or data leaks ^[2].