Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Using Real-world Bug Bounty Programs in Secure Coding Course: Experience Report

Kamil Malinka, Anton Firc, Pavel Loutocký, Jakub Vostoupal, Andrej Krištofík, František Kasl

TL;DR

This study investigates integrating real-world bug bounty programs into a secure coding course to address the shortage of cybersecurity professionals and bridge theory-practice gaps. By offering a voluntary BBP-based project (BBCh) alongside traditional topics, the authors evaluate educational outcomes through mixed methods (surveys and project reports). Results show that students can identify real vulnerabilities, gain practical and ethical hacking skills, and report increased interest in cybersecurity careers, with overall project difficulty comparable to other course components. The findings suggest that BBP-based curricula are feasible, beneficial for diverse student paths, and can strengthen academia–industry collaboration to improve both learning and real-world security practices.

Abstract

To keep up with the growing number of cyber-attacks and associated threats, there is an ever-increasing demand for cybersecurity professionals and new methods and technologies. Training new cybersecurity professionals is a challenging task due to the broad scope of the area. One particular field where there is a shortage of experts is Ethical Hacking. Due to its complexity, it often faces educational constraints. Recognizing these challenges, we propose a solution: integrating a real-world bug bounty programme into cybersecurity curriculum. This innovative approach aims to fill the gap in practical cybersecurity education and also brings additional positive benefits. To evaluate our idea, we include the proposed solution to a secure coding course for IT-oriented faculty. We let students choose to participate in a bug bounty programme as an option for the semester assignment in a secure coding course. We then collected responses from the students to evaluate the outcomes (improved skills, reported vulnerabilities, a better relationship with security, etc.). Evaluation of the assignment showed that students enjoyed solving such real-world problems, could find real vulnerabilities, and that it helped raise their skills and cybersecurity awareness. Participation in real bug bounty programmes also positively affects the security level of the tested products. We also discuss the potential risks of this approach and how to mitigate them.

Using Real-world Bug Bounty Programs in Secure Coding Course: Experience Report

TL;DR

This study investigates integrating real-world bug bounty programs into a secure coding course to address the shortage of cybersecurity professionals and bridge theory-practice gaps. By offering a voluntary BBP-based project (BBCh) alongside traditional topics, the authors evaluate educational outcomes through mixed methods (surveys and project reports). Results show that students can identify real vulnerabilities, gain practical and ethical hacking skills, and report increased interest in cybersecurity careers, with overall project difficulty comparable to other course components. The findings suggest that BBP-based curricula are feasible, beneficial for diverse student paths, and can strengthen academia–industry collaboration to improve both learning and real-world security practices.

Abstract

To keep up with the growing number of cyber-attacks and associated threats, there is an ever-increasing demand for cybersecurity professionals and new methods and technologies. Training new cybersecurity professionals is a challenging task due to the broad scope of the area. One particular field where there is a shortage of experts is Ethical Hacking. Due to its complexity, it often faces educational constraints. Recognizing these challenges, we propose a solution: integrating a real-world bug bounty programme into cybersecurity curriculum. This innovative approach aims to fill the gap in practical cybersecurity education and also brings additional positive benefits. To evaluate our idea, we include the proposed solution to a secure coding course for IT-oriented faculty. We let students choose to participate in a bug bounty programme as an option for the semester assignment in a secure coding course. We then collected responses from the students to evaluate the outcomes (improved skills, reported vulnerabilities, a better relationship with security, etc.). Evaluation of the assignment showed that students enjoyed solving such real-world problems, could find real vulnerabilities, and that it helped raise their skills and cybersecurity awareness. Participation in real bug bounty programmes also positively affects the security level of the tested products. We also discuss the potential risks of this approach and how to mitigate them.
Paper Structure (14 sections, 1 figure, 2 tables)

This paper contains 14 sections, 1 figure, 2 tables.

Table of Contents

  1. Introduction
  2. Contributions.
  3. Motivation
  4. Related work
  5. Proposed solution
  6. Course project description
  7. Experiment Design
  8. Results
  9. Student's work on the assignment
  10. Self-evaluation of educational impacts
  11. Self-assessment of the project
  12. Discussion and limitations
  13. Limitations
  14. Conclusions

Figures (1)

  • Figure 1: Orientation of participants on the topic of ethical hacking before and after the project. Participants were ordered by skill level before the project.