This paper presents a vulnerability analysis course especially developed for practitioners and experiences gained from it. The described course is a compact three days course initially aimed to educate practitioners in the process of finding security weaknesses in their own products. After giving an overview of the course, the paper presents results from two different types of course evaluations. One evaluation was done on-site at the last day of the course, while the other was made 3–18 months after the participants had finished the course. Conclusions drawn from it with regard to recommended content for vulnerability analysis courses for practitioners are also provided.
展开▼