This project relies upon a massive effort to collect, correct, and
annotate vulnerability history data. We call this process curating.
Today, the majority of our curating comes from a class assignment in our
upper-level required course, Engineering Secure Software. Example
instructions for that assignment can be found here. In the future we
plan on adapting those instructions to a broader audience and putting
step-by-step instructions here.
However, we are currently piloting professional development workshops to guide people through this process. If you are interested in one of these workshops, please contact us.
Who should curate?
Anyone with some programming experience can curate a
vulnerability. Our students in the software engineering program who
typically curate these vulnerabilities are juniors and seniors. A
vulnerability is just an engineering mistake, usually manifesting itself
in code. So all you need to understand is code.
You do not need to be a security expert or hobbyist. In fact,
curation is a fantastic learning experience. So maybe curating a
vulnerability is how you learn about your first vulnerability!
You do not need to be an expert in the project. You don't need to have
written an entire browser to understand the basics of what happened in a
specific, narrow situation.
Who should I write for?
Again, anyone with some programming experience. You are writing to your
peers, both junior and senior. You can assume that your audience knows the
basics about programming, for example, technical words like "pointers" are