MALINKA, Kamil, Anton FIRC, Pavel LOUTOCKÝ, Jakub VOSTOUPAL, Andrej KRIŠTOFÍK and František KASL. Using Real-world Bug Bounty Programs in Secure Coding Course: Experience Report. Online. In Proceedings of the 2024 Inno- vation and Technology in Computer Science Education V. 1 (ITiCSE 2024). New York: Association for Computing Machinery, 2024, p. 227-233. ISBN 979-8-4007-0600-4. Available from: https://dx.doi.org/10.1145/3649217.3653633.
Other formats:   BibTeX LaTeX RIS
Basic information
Original name Using Real-world Bug Bounty Programs in Secure Coding Course: Experience Report
Authors MALINKA, Kamil (203 Czech Republic, guarantor), Anton FIRC (203 Czech Republic), Pavel LOUTOCKÝ (203 Czech Republic, belonging to the institution), Jakub VOSTOUPAL (203 Czech Republic, belonging to the institution), Andrej KRIŠTOFÍK (703 Slovakia, belonging to the institution) and František KASL (203 Czech Republic, belonging to the institution).
Edition New York, Proceedings of the 2024 Inno- vation and Technology in Computer Science Education V. 1 (ITiCSE 2024), p. 227-233, 7 pp. 2024.
Publisher Association for Computing Machinery
Other information
Original language English
Type of outcome Proceedings paper
Field of Study 50501 Law
Country of publisher United States of America
Confidentiality degree is not subject to a state or trade secret
Publication form electronic version available online
WWW URL
Organization unit Faculty of Law
ISBN 979-8-4007-0600-4
ISSN 1942-647X
Doi http://dx.doi.org/10.1145/3649217.3653633
Keywords in English University Education; Bug Bounty; Cybersecurity Specialization; Secure coding; Course Assignment; Experience Report
Tags International impact, Reviewed
Changed by Changed by: Mgr. Andrej Krištofík, učo 458349. Changed: 1/8/2024 16:22.
Abstract
To keep up with the growing number of cyber-attacks and associ- ated threats, there is an ever-increasing demand for cybersecurity professionals and new methods and technologies. Training new cybersecurity professionals is a challenging task due to the broad scope of the area. One particular field where there is a shortage of experts is Ethical Hacking. Due to its complexity, it often faces educational constraints. Recognizing these challenges, we propose a solution: integrating a real-world bug bounty programme into the cybersecurity curriculum. This innovative approach aims to fill the practical cybersecurity education gap and brings additional positive benefits. To evaluate our idea, we include the proposed solution to a se- cure coding course for IT-oriented faculty. We let students choose to participate in a bug bounty programme as an option for the semester assignment in a secure coding course. We then collected responses from the students to evaluate the outcomes (improved skills, reported vulnerabilities, a better relationship with security, etc.). Evaluation of the assignment showed that students enjoyed solving such real-world problems, could find real vulnerabilities, and that it helped raise their skills and cybersecurity awareness. Participation in real bug bounty programmes also positively af- fects the security level of the tested products. We also discuss the potential risks of this approach and how to mitigate them.
PrintDisplayed: 5/8/2024 13:21