How to Cite
Abstract
There is a high demand for software developers and security professionals with strong software analysis skills. Currently, many students learn software analysis as an auxiliary exercise to their programming projects, and their experience is limited to white-box testing of applications that they or their peers have written. This type of experience does not give students a realistic or practical set of skills which they can immediately apply to more complex tasks. We describe our experiences with an information security course project in which students were tasked with discovering and analyzing software flaws in real software projects, giving students practical experience in flaw analysis and bug reporting. We discuss the focuses and goals of this project, including its emphasis on responsible disclosure, and the trends in student's comfort with analysis techniques and tools.
Open Access License Notice:
This article is © its author(s) and is licensed under the Creative Commons Attribution 4.0 International License (CC BY 4.0). Beginning with Volume 13 (2026), this license is included directly within all published PDFs. For earlier articles, a cover page has been added to indicate the correct licensing terms. Any legacy copyright or pricing statements appearing within the PDF reflect prior print production workflows and do not represent the Journal’s current open access policy. For full details, please see the Journal’s License Terms.