Publication Details

Using Real-world Bug Bounty Programs in Secure Coding Course: Experience Report

MALINKA, K.; FIRC, A.; LOUTOCKÝ, P.; VOSTOUPAL, J.; KRIŠTOFÍK, A.; KASL, F. Using Real-world Bug Bounty Programs in Secure Coding Course: Experience Report. In Annual Conference on Innovation and Technology in Computer Science Education, ITiCSE. New York, NY, USA: Association for Computing Machinery, 2024. p. 227-233. ISBN: 979-8-4007-0600-4.

Czech title

Využití reálných programů odměn za chyby v kurzech bezpečného kódování: Zpráva o zkušenostech

Type

conference paper

Language

English

Authors

Malinka Kamil, Mgr., Ph.D. (DITS)
Firc Anton, Ing. (DITS)
LOUTOCKÝ, P.
VOSTOUPAL, J.
KRIŠTOFÍK, A.
KASL, F.

URL

https://doi.org/10.1145/3649217.3653633

Keywords

bug bounty, course assignment, cybersecurity specialization, experience report,
secure coding, university education

Abstract

To keep up with the growing number of cyber-attacks and associated threats, there
is an ever-increasing demand for cybersecurity professionals and new methods and
technologies. Training new cybersecurity professionals is a challenging task due
to the broad scope of the area. One particular field where there is a shortage of
experts is Ethical Hacking. Due to its complexity, it often faces educational
constraints. Recognizing these challenges, we propose a solution: integrating
a real-world bug bounty programme into the cybersecurity curriculum. This
innovative approach aims to fill the practical cybersecurity education gap and
brings additional positive benefits.To evaluate our idea, we include the proposed
solution to a secure coding course for IT-oriented faculty. We let students
choose to participate in a bug bounty programme as an option for the semester
assignment in a secure coding course. We then collected responses from the
students to evaluate the outcomes (improved skills, reported vulnerabilities,
a better relationship with security, etc.). Evaluation of the assignment showed
that students enjoyed solving such real-world problems, could find real
vulnerabilities, and that it helped raise their skills and cybersecurity
awareness. Participation in real bug bounty programmes also positively affects
the security level of the tested products. We also discuss the potential risks of
this approach and how to mitigate them.

Published

2024

Pages

227–233

Proceedings

Annual Conference on Innovation and Technology in Computer Science Education, ITiCSE

Conference

29th annual ACM conference on Innovation and Technology in Computer Science Education, Milan, IT, IT

ISBN

979-8-4007-0600-4

Publisher

Association for Computing Machinery

Place

New York, NY, USA

DOI

10.1145/3649217.3653633

UT WoS

001265872600034

EID Scopus

2-s2.0-85198901766

BibTeX

@inproceedings{BUT189201,
  author="MALINKA, K. and FIRC, A. and LOUTOCKÝ, P. and VOSTOUPAL, J. and KRIŠTOFÍK, A. and KASL, F.",
  title="Using Real-world Bug Bounty Programs in Secure Coding Course: Experience Report",
  booktitle="Annual Conference on Innovation and Technology in Computer Science Education, ITiCSE",
  year="2024",
  pages="227--233",
  publisher="Association for Computing Machinery",
  address="New York, NY, USA",
  doi="10.1145/3649217.3653633",
  isbn="979-8-4007-0600-4",
  url="https://doi.org/10.1145/3649217.3653633"
}