Vulnerability of the Day: Concrete Demonstrations for Software Engineering Undergraduates

Author(s): Andrew Meneely, Samuel Lucidi
Venue: International Conference on Software Engineering
Date: 2013

Type of Experiment: Other
Sample Size: 21
Class/Experience Level: Undergraduate Student
Participant Selection: Undergraduate Software Engineering Students
Data Collection Method: Survey


This paper presents work on why educating Software Engineering undergraduates about security is vital and often overlooked. It describes how a typical curriculum never really covers security, despite how crucial it is to have secure and safe software. The authors describe a technique they call Vulnerability of the Day (VotD), in which they expose their students to a new security flaw in software. They present three guidelines for a VotD: it has to be simple, demonstrable, and relevant.

The authors had their students answer surveys about the class at the end, and they found that 16 of the 21 students considered the VotDs to be the most effective part of the class. The authors also created an open-source project that contains their VotD examples, complete with code, Makefiles, instructor notes, and descriptions. They would like other instructors to try their method out.