Beyond the Bugs: Enhancing Bug Bounty Programs through Academic Partnerships
Authors | |
---|---|
Year of publication | 2024 |
Type | Article in Proceedings |
Conference | ARES '24: Proceedings of the 19th International Conference on Availability, Reliability and Security |
MU Faculty or unit | |
Citation | |
Web | https://dl.acm.org/doi/10.1145/3664476.3670455 |
Doi | http://dx.doi.org/10.1145/3664476.3670455 |
Keywords | Cybersecurity; Bug Bounty; ethical hacking; education; curriculums |
Description | This paper explores the growing significance of vulnerability disclosure and bug bounty programs within the cybersecurity landscape, driven by regulatory changes in the European Union. The effectiveness of these programs relies heavily on the expertise of participants, presenting a challenge amid a shortage of skilled cybersecurity professionals, particularly in less sought-after sectors. To address this issue, the paper proposes a collaborative approach between academia and bug bounty issuers. By integrating bug bounty programs into cybersecurity courses, students gain practical skills and soft skills essential for bug hunting and cybersecurity work. The collaboration benefits both issuers, who gain manageable manpower, and students, who receive valuable hands-on experience. A pilot conducted during the current academic year yielded positive results, indicating the potential of this approach to address the demand for skilled cybersecurity professionals. The insights gained from the pilot inform future considerations and advancements in this collaborative model. |
Related projects: |