Publication Details

Using Real-world Bug Bounty Programs in Secure Coding Course: Experience Report

MALINKA Kamil, FIRC Anton, LOUTOCKÝ Pavel, VOSTOUPAL Jakub, KRIŠTOFÍK Andrej and KASL František. Using Real-world Bug Bounty Programs in Secure Coding Course: Experience Report. In: Annual Conference on Innovation and Technology in Computer Science Education, ITiCSE. New York, NY, USA: Association for Computing Machinery, 2024, pp. 227-233. ISBN 979-8-4007-0600-4. Available from: https://doi.org/10.1145/3649217.3653633
Czech title
Využití reálných programů odměn za chyby v kurzech bezpečného kódování: Zpráva o zkušenostech
Type
conference paper
Language
english
Authors
Malinka Kamil, Mgr., Ph.D. (DITS FIT BUT)
Firc Anton, Ing. (DITS FIT BUT)
Loutocký Pavel, JUDr., BA (Hons), Ph.D. (MUNI)
Vostoupal Jakub (MUNI)
Krištofík Andrej (MUNI)
Kasl František (MUNI)
URL
Keywords

bug bounty, course assignment, cybersecurity specialization, experience report, secure coding, university education

Abstract

To keep up with the growing number of cyber-attacks and associated threats, there is an ever-increasing demand for cybersecurity professionals and new methods and technologies. Training new cybersecurity professionals is a challenging task due to the broad scope of the area. One particular field where there is a shortage of experts is Ethical Hacking. Due to its complexity, it often faces educational constraints. Recognizing these challenges, we propose a solution: integrating a real-world bug bounty programme into the cybersecurity curriculum. This innovative approach aims to fill the practical cybersecurity education gap and brings additional positive benefits.To evaluate our idea, we include the proposed solution to a secure coding course for IT-oriented faculty. We let students choose to participate in a bug bounty programme as an option for the semester assignment in a secure coding course. We then collected responses from the students to evaluate the outcomes (improved skills, reported vulnerabilities, a better relationship with security, etc.). Evaluation of the assignment showed that students enjoyed solving such real-world problems, could find real vulnerabilities, and that it helped raise their skills and cybersecurity awareness. Participation in real bug bounty programmes also positively affects the security level of the tested products. We also discuss the potential risks of this approach and how to mitigate them.

Published
2024
Pages
227-233
Proceedings
Annual Conference on Innovation and Technology in Computer Science Education, ITiCSE
Conference
29th annual ACM conference on Innovation and Technology in Computer Science Education, Milan, IT, IT
ISBN
979-8-4007-0600-4
Publisher
Association for Computing Machinery
Place
New York, NY, USA, US
DOI
10.1145/3649217.3653633
EID Scopus
2-s2.0-85198901766
BibTeX 
@INPROCEEDINGS{FITPUB13169,
   author = "Kamil Malinka and Anton Firc and Pavel Loutock\'{y} and Jakub Vostoupal and Andrej Kri\v{s}tof\'{i}k and Franti\v{s}ek Kasl",
   title = "Using Real-world Bug Bounty Programs in Secure Coding Course: Experience Report",
   pages = "227--233",
   booktitle = "Annual Conference on Innovation and Technology in Computer Science Education, ITiCSE",
   year = 2024,
   location = "New York, NY, USA, US",
   publisher = "Association for Computing Machinery",
   ISBN = "979-8-4007-0600-4",
   doi = "10.1145/3649217.3653633",
   language = "english",
   url = "https://www.fit.vut.cz/research/publication/13169"
}
Back to top