Skip to main content

How to Contribute

CAIF contributions happen through GitHub Issues, Discussions, and Pull Requests.

Good first contributions

  • Propose a new standard.
  • Improve framework documentation.
  • Add a weakness mapping.
  • Review a proposed finding.
  • Submit public BBP / VDP program metadata.
  • Apply to author a research domain.

Public contribution boundaries

Public contributors participate through GitHub Discussions, Issues, documentation, standards, registers, mappings, scoring guidance, and evidence review.

Joining the public CAIF community does not require or grant private source code access. If a future private implementation exists, access to that source code is handled separately by maintainers and is not part of the public contributor path.

BBP / VDP feed submissions must include public metadata only. Do not submit private program scope, credentials, invite-only details, exploit payloads, or paid/private platform intelligence.

Pull Request expectations

  • Keep changes focused.
  • Include evidence or rationale for security claims.
  • Use clear, vendor-neutral language.
  • Link related Issues or Discussions.
  • Respect the Code of Conduct and governance model.