Using Real-world Bug Bounty Programs in Secure Coding Course: Experience Report

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14220%2F24%3A00135947" target="_blank" >RIV/00216224:14220/24:00135947 - isvavai.cz</a>

Nalezeny alternativní kódy

RIV/00216305:26230/24:PU151816

Výsledek na webu

<a href="https://arxiv.org/abs/2404.12043" target="_blank" >https://arxiv.org/abs/2404.12043</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.1145/3649217.3653633" target="_blank" >10.1145/3649217.3653633</a>

Jazyk výsledku

angličtina

Název v původním jazyce

Using Real-world Bug Bounty Programs in Secure Coding Course: Experience Report

Popis výsledku v původním jazyce

To keep up with the growing number of cyber-attacks and associ- ated threats, there is an ever-increasing demand for cybersecurity professionals and new methods and technologies. Training new cybersecurity professionals is a challenging task due to the broad scope of the area. One particular field where there is a shortage of experts is Ethical Hacking. Due to its complexity, it often faces educational constraints. Recognizing these challenges, we propose a solution: integrating a real-world bug bounty programme into the cybersecurity curriculum. This innovative approach aims to fill the practical cybersecurity education gap and brings additional positive benefits. To evaluate our idea, we include the proposed solution to a se- cure coding course for IT-oriented faculty. We let students choose to participate in a bug bounty programme as an option for the semester assignment in a secure coding course. We then collected responses from the students to evaluate the outcomes (improved skills, reported vulnerabilities, a better relationship with security, etc.). Evaluation of the assignment showed that students enjoyed solving such real-world problems, could find real vulnerabilities, and that it helped raise their skills and cybersecurity awareness. Participation in real bug bounty programmes also positively af- fects the security level of the tested products. We also discuss the potential risks of this approach and how to mitigate them.

Název v anglickém jazyce

Using Real-world Bug Bounty Programs in Secure Coding Course: Experience Report

Popis výsledku anglicky

To keep up with the growing number of cyber-attacks and associ- ated threats, there is an ever-increasing demand for cybersecurity professionals and new methods and technologies. Training new cybersecurity professionals is a challenging task due to the broad scope of the area. One particular field where there is a shortage of experts is Ethical Hacking. Due to its complexity, it often faces educational constraints. Recognizing these challenges, we propose a solution: integrating a real-world bug bounty programme into the cybersecurity curriculum. This innovative approach aims to fill the practical cybersecurity education gap and brings additional positive benefits. To evaluate our idea, we include the proposed solution to a se- cure coding course for IT-oriented faculty. We let students choose to participate in a bug bounty programme as an option for the semester assignment in a secure coding course. We then collected responses from the students to evaluate the outcomes (improved skills, reported vulnerabilities, a better relationship with security, etc.). Evaluation of the assignment showed that students enjoyed solving such real-world problems, could find real vulnerabilities, and that it helped raise their skills and cybersecurity awareness. Participation in real bug bounty programmes also positively af- fects the security level of the tested products. We also discuss the potential risks of this approach and how to mitigate them.

Druh

D - Stať ve sborníku

CEP obor

—

OECD FORD obor

50501 - Law

Projekt

—

Návaznosti

I - Institucionalni podpora na dlouhodoby koncepcni rozvoj vyzkumne organizace

Rok uplatnění

2024

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

Proceedings of the 2024 Inno- vation and Technology in Computer Science Education V. 1 (ITiCSE 2024)

ISBN

9798400706004

ISSN

1942-647X

e-ISSN

—

Počet stran výsledku

7

Strana od-do

227-233

Název nakladatele

Association for Computing Machinery

Místo vydání

New York

Místo konání akce

New York

Datum konání akce

1. 1. 2024

Typ akce podle státní příslušnosti

WRD - Celosvětová akce

Kód UT WoS článku

001265872600034