Beyond the Bugs: Enhancing Bug Bounty Programs through Academic Partnerships

Warning

This publication doesn't include Institute of Computer Science. It includes Faculty of Law. Official publication website can be found on muni.cz.
Authors: KRIŠTOFÍK Andrej, VOSTOUPAL Jakub, MALINKA Kamil, KASL František, LOUTOCKÝ Pavel

Year of publication: 2024
Type: Article in Proceedings
Conference: ARES '24: Proceedings of the 19th International Conference on Availability, Reliability and Security
MU Faculty or unit: Faculty of Law

Citation
Web: https://dl.acm.org/doi/10.1145/3664476.3670455
Doi: http://dx.doi.org/10.1145/3664476.3670455
Keywords: Cybersecurity; Bug Bounty; ethical hacking; education; curriculums
Description: This paper explores the growing significance of vulnerability disclosure and bug bounty programs within the cybersecurity landscape, driven by regulatory changes in the European Union. The effectiveness of these programs relies heavily on the expertise of participants, presenting a challenge amid a shortage of skilled cybersecurity professionals, particularly in less sought-after sectors. To address this issue, the paper proposes a collaborative approach between academia and bug bounty issuers. By integrating bug bounty programs into cybersecurity courses, students gain practical skills and soft skills essential for bug hunting and cybersecurity work. The collaboration benefits both issuers, who gain manageable manpower, and students, who receive valuable hands-on experience. A pilot conducted during the current academic year yielded positive results, indicating the potential of this approach to address the demand for skilled cybersecurity professionals. The insights gained from the pilot inform future considerations and advancements in this collaborative model.