All

What are you looking for?

All
Projects
Results
Organizations

Quick search

  • Projects supported by TA ČR
  • Excellent projects
  • Projects with the highest public support
  • Current projects

Smart search

  • That is how I find a specific +word
  • That is how I leave the -word out of the results
  • “That is how I can find the whole phrase”
EN
ČeštinaEnglish

Using Real-world Bug Bounty Programs in Secure Coding Course: Experience Report

The result's identifiers

  • Result code in IS VaVaI

    <a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14220%2F24%3A00135947" target="_blank" >RIV/00216224:14220/24:00135947 - isvavai.cz</a>

  • Alternative codes found

    RIV/00216305:26230/24:PU151816

  • Result on the web

    <a href="https://arxiv.org/abs/2404.12043" target="_blank" >https://arxiv.org/abs/2404.12043</a>

  • DOI - Digital Object Identifier

    <a href="http://dx.doi.org/10.1145/3649217.3653633" target="_blank" >10.1145/3649217.3653633</a>

Alternative languages

  • Result language

    angličtina

  • Original language name

    Using Real-world Bug Bounty Programs in Secure Coding Course: Experience Report

  • Original language description

    To keep up with the growing number of cyber-attacks and associ- ated threats, there is an ever-increasing demand for cybersecurity professionals and new methods and technologies. Training new cybersecurity professionals is a challenging task due to the broad scope of the area. One particular field where there is a shortage of experts is Ethical Hacking. Due to its complexity, it often faces educational constraints. Recognizing these challenges, we propose a solution: integrating a real-world bug bounty programme into the cybersecurity curriculum. This innovative approach aims to fill the practical cybersecurity education gap and brings additional positive benefits. To evaluate our idea, we include the proposed solution to a se- cure coding course for IT-oriented faculty. We let students choose to participate in a bug bounty programme as an option for the semester assignment in a secure coding course. We then collected responses from the students to evaluate the outcomes (improved skills, reported vulnerabilities, a better relationship with security, etc.). Evaluation of the assignment showed that students enjoyed solving such real-world problems, could find real vulnerabilities, and that it helped raise their skills and cybersecurity awareness. Participation in real bug bounty programmes also positively af- fects the security level of the tested products. We also discuss the potential risks of this approach and how to mitigate them.

  • Czech name

  • Czech description

Classification

  • Type

    D - Article in proceedings

  • CEP classification

  • OECD FORD branch

    50501 - Law

Result continuities

  • Project

  • Continuities

    I - Institucionalni podpora na dlouhodoby koncepcni rozvoj vyzkumne organizace

Others

  • Publication year

    2024

  • Confidentiality

    S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Data specific for result type

  • Article name in the collection

    Proceedings of the 2024 Inno- vation and Technology in Computer Science Education V. 1 (ITiCSE 2024)

  • ISBN

    9798400706004

  • ISSN

    1942-647X

  • e-ISSN

  • Number of pages

    7

  • Pages from-to

    227-233

  • Publisher name

    Association for Computing Machinery

  • Place of publication

    New York

  • Event location

    New York

  • Event date

    Jan 1, 2024

  • Type of event by nationality

    WRD - Celosvětová akce

  • UT code for WoS article

    001265872600034

Similar results(10)

Beyond the Bugs: Enhancing Bug Bounty Programs through Academic PartnershipsCybersecurity Knowledge and Skills Taught in Capture the Flag ChallengesData-driven insight into the puzzle-based cybersecurity training