This project relies upon a massive effort to collect, correct, and annotate vulnerability history data. We call this process curating.
Today, the majority of our curating comes from a class assignment in our upper-level required course, Engineering Secure Software. Example instructions of that assignment can be found here. In the future we plan on adapting those instructions to a broader audience and putting step-by-step instructions in here.
However, we are currently piloting professional development workshops to guide people through this process. If you are interested in one of these workshops, please contact us.
Anyone with some programming experience can curate a vulnerability. Our students in the software engineering program who typically curate these vulnerabilities are juniors and seniors. A vulnerability is just an engineering mistake, usually manifesting itself in code. So all you need to understand is code.
You do not need to be security expert or hobbyist. In fact, curation is a fantastic learning experience. So maybe curating a vulnerability if how you learn about your first vulnerability!
You do not need to expert in the project. You don't need to have written an entire browser to understand the basics of what happened in a specific, narrow situation.
Again, anyone some programming experience. You are writing to your peers, both junior and senior. You can assume that your audience knows the basics about programming, for example, technical words like "pointers" are okay.