Using Real-world Bug Bounty Programs in Secure Coding Course:
Experience Report

D 2024

Using Real-world Bug Bounty Programs in Secure Coding Course: Experience Report

MALINKA, Kamil, Anton FIRC, Pavel LOUTOCKÝ, Jakub VOSTOUPAL, Andrej KRIŠTOFÍK et. al.

Základní údaje

Originální název

Using Real-world Bug Bounty Programs in Secure Coding Course: Experience Report

Autoři

MALINKA, Kamil (203 Česká republika, garant), Anton FIRC (203 Česká republika), Pavel LOUTOCKÝ (203 Česká republika, domácí), Jakub VOSTOUPAL (203 Česká republika, domácí), Andrej KRIŠTOFÍK (703 Slovensko, domácí) a František KASL (203 Česká republika, domácí)

Vydání

New York, Proceedings of the 2024 Inno- vation and Technology in Computer Science Education V. 1 (ITiCSE 2024), od s. 227-233, 7 s. 2024

Nakladatel

Association for Computing Machinery

Další údaje

Jazyk

angličtina

Typ výsledku

Stať ve sborníku

Obor

50501 Law

Stát vydavatele

Spojené státy

Utajení

není předmětem státního či obchodního tajemství

Forma vydání

elektronická verze "online"

Odkazy

URL

Organizační jednotka

Právnická fakulta

ISBN

979-8-4007-0600-4

ISSN

DOI

http://dx.doi.org/10.1145/3649217.3653633

Klíčová slova anglicky

University Education; Bug Bounty; Cybersecurity Specialization; Secure coding; Course Assignment; Experience Report

Příznaky

Mezinárodní význam, Recenzováno

Změněno: 1. 8. 2024 16:22, Mgr. Andrej Krištofík

Anotace

V originále

To keep up with the growing number of cyber-attacks and associ- ated threats, there is an ever-increasing demand for cybersecurity professionals and new methods and technologies. Training new cybersecurity professionals is a challenging task due to the broad scope of the area. One particular field where there is a shortage of experts is Ethical Hacking. Due to its complexity, it often faces educational constraints. Recognizing these challenges, we propose a solution: integrating a real-world bug bounty programme into the cybersecurity curriculum. This innovative approach aims to fill the practical cybersecurity education gap and brings additional positive benefits. To evaluate our idea, we include the proposed solution to a se- cure coding course for IT-oriented faculty. We let students choose to participate in a bug bounty programme as an option for the semester assignment in a secure coding course. We then collected responses from the students to evaluate the outcomes (improved skills, reported vulnerabilities, a better relationship with security, etc.). Evaluation of the assignment showed that students enjoyed solving such real-world problems, could find real vulnerabilities, and that it helped raise their skills and cybersecurity awareness. Participation in real bug bounty programmes also positively af- fects the security level of the tested products. We also discuss the potential risks of this approach and how to mitigate them.

Citovat

MALINKA, Kamil, Anton FIRC, Pavel LOUTOCKÝ, Jakub VOSTOUPAL, Andrej KRIŠTOFÍK a František KASL. Using Real-world Bug Bounty Programs in Secure Coding Course: Experience Report. Online. In Proceedings of the 2024 Inno- vation and Technology in Computer Science Education V. 1 (ITiCSE 2024). New York: Association for Computing Machinery, 2024, s. 227-233. ISBN 979-8-4007-0600-4. Dostupné z: https://dx.doi.org/10.1145/3649217.3653633.

@inproceedings{2399477,
   author = {Malinka, Kamil and Firc, Anton and Loutocký, Pavel and Vostoupal, Jakub and Krištofík, Andrej and Kasl, František},
   address = {New York},
   booktitle = {Proceedings of the 2024 Inno- vation and Technology in Computer Science Education V. 1 (ITiCSE 2024)},
   doi = {http://dx.doi.org/10.1145/3649217.3653633},
   keywords = {University Education; Bug Bounty; Cybersecurity Specialization; Secure coding; Course Assignment; Experience Report},
   howpublished = {elektronická verze "online"},
   language = {eng},
   location = {New York},
   isbn = {979-8-4007-0600-4},
   pages = {227-233},
   publisher = {Association for Computing Machinery},
   title = {Using Real-world Bug Bounty Programs in Secure Coding Course: Experience Report},
   url = {https://arxiv.org/abs/2404.12043},
   year = {2024}
}

TY  - JOUR
ID  - 2399477
AU  - Malinka, Kamil - Firc, Anton - Loutocký, Pavel - Vostoupal, Jakub - Krištofík, Andrej - Kasl, František
PY  - 2024
TI  - Using Real-world Bug Bounty Programs in Secure Coding Course: Experience Report
PB  - Association for Computing Machinery
CY  - New York
SN  - 9798400706004
KW  - University Education
KW  - Bug Bounty
KW  - Cybersecurity Specialization
KW  - Secure coding
KW  - Course Assignment
KW  - Experience Report
UR  - https://arxiv.org/abs/2404.12043
N2  - To keep up with the growing number of cyber-attacks and associ- ated threats, there is an ever-increasing demand for cybersecurity professionals and new methods and technologies. Training new cybersecurity professionals is a challenging task due to the broad scope of the area. One particular field where there is a shortage of experts is Ethical Hacking. Due to its complexity, it often faces educational constraints. Recognizing these challenges, we propose a solution: integrating a real-world bug bounty programme into the cybersecurity curriculum. This innovative approach aims to fill the practical cybersecurity education gap and brings additional positive benefits. To evaluate our idea, we include the proposed solution to a se- cure coding course for IT-oriented faculty. We let students choose to participate in a bug bounty programme as an option for the semester assignment in a secure coding course. We then collected responses from the students to evaluate the outcomes (improved skills, reported vulnerabilities, a better relationship with security, etc.). Evaluation of the assignment showed that students enjoyed solving such real-world problems, could find real vulnerabilities, and that it helped raise their skills and cybersecurity awareness. Participation in real bug bounty programmes also positively af- fects the security level of the tested products. We also discuss the potential risks of this approach and how to mitigate them.
ER  -

MALINKA, Kamil, Anton FIRC, Pavel LOUTOCKÝ, Jakub VOSTOUPAL, Andrej KRIŠTOFÍK a František KASL. Using Real-world Bug Bounty Programs in Secure Coding Course: Experience Report. Online. In \textit{Proceedings of the 2024 Inno- vation and Technology in Computer Science Education V. 1 (ITiCSE 2024)}. New York: Association for Computing Machinery, 2024, s.~227-233. ISBN~979-8-4007-0600-4. Dostupné z: https://dx.doi.org/10.1145/3649217.3653633.

Podrobný výpis o publikaci