Security bugs are errors in code that, when exploited, can lead to serious software vulnerabilities. These bugs could allow an attacker to take over an application and steal information. One of the ways to address this issue is by means of awareness training. The Sifu platform was developed in the industry, for the industry, with the aim to raise software developers' awareness of secure coding. This paper extends the Sifu platform with three challenges that specifically address embedded programming courses, and describes how to implement these challenges, while also evaluating the usefulness of these challenges to raise security awareness in an academic setting. Our work presents technical details on the detection mechanisms for software vulnerabilities and gives practical advice on how to implement them. The evaluation of the challenges is performed through two trial runs with a total of 16 participants. Our preliminary results show that the challenges are suitable for academia, and can even potentially be included in official teaching curricula. One major finding is an indicator of the lack of awareness of secure coding by undergraduates. Finally, we compare our results with previous work done in the industry and extract advice for practitioners.

中文翻译：

---

利用嵌入式编程课程中的网络安全挑战来提高安全意识

安全错误是代码中的错误，一旦被利用，就会导致严重的软件漏洞。这些错误可能使攻击者可以接管应用程序并窃取信息。解决此问题的方法之一是通过意识培训。Sifu平台是针对该行业而开发的，旨在提高软件开发人员对安全编码的认识。本文为Sifu平台扩展了三个挑战，这些挑战专门针对嵌入式编程课程，并描述了如何实现这些挑战，同时还评估了这些挑战在学术环境中提高安全意识的有用性。我们的工作提供了有关软件漏洞检测机制的技术细节，并提供了有关如何实施这些漏洞的实用建议。挑战的评估是通过两次试验进行的，共有16名参与者。我们的初步结果表明，这些挑战适合于学术界，甚至有可能包含在官方教学课程中。一个主要发现是表明缺乏对大学生对安全编码的认识。最后，我们将我们的结果与行业中以前的工作进行比较，并为从业者提供建议。