# Contributing to AISecForge First of all, thank you for considering a contribution to AISecForge! This project thrives on collaborative expertise, and your insights will help build a more robust framework for AI security testing. ## Ways to Contribute ### 1. Vulnerability Research - Developing new testing methodologies for emerging vulnerabilities - Documenting novel attack vectors and exploitation techniques - Creating demonstrations of security issues (in controlled environments) ### 2. Framework Enhancement - Improving existing testing frameworks and methodologies - Adding support for new models or capabilities - Enhancing scoring and evaluation metrics ### 3. Tool Development - Creating new tools for automated testing - Improving existing scanners and analyzers - Developing visualization tools for security assessment results ### 4. Documentation - Improving existing documentation - Adding case studies and practical examples - Translating documentation to other languages ## Contribution Process ### Step 1: Find or Create an Issue - Browse existing [issues](https://github.com/AISecForge/AISecForge/issues) to find something that interests you - Create a new issue if you have identified a gap or improvement - Wait for maintainer feedback before starting work on new issues ### Step 2: Fork and Branch - Fork the repository - Create a branch with a descriptive name: - `feature/description` for new features - `fix/description` for bug fixes - `docs/description` for documentation updates - `refactor/description` for code refactoring ### Step 3: Development - Follow the coding and documentation standards (see below) - Keep changes focused and related to the issue at hand - Add tests where appropriate - Update documentation to reflect your changes ### Step 4: Submit a Pull Request - Ensure all tests pass - Update the changelog with your changes - Submit a pull request against the `main` branch - Reference the issue your PR addresses - Provide a clear description of the changes and their purpose ## Code and Documentation Standards ### Code Standards - Clear, readable code with meaningful variable and function names - Comprehensive error handling - Proper commenting for complex sections - Test coverage for new functionality ### Documentation Standards - Clear, concise language - Proper Markdown formatting - Practical examples where appropriate - Graphics or diagrams for complex concepts ### Security Research Standards - All research must be conducted responsibly - Document potential risks and mitigations - Do not include exploitable code without appropriate safeguards - Focus on defense, not exploitation ## Specialized Knowledge Areas We particularly welcome contributions in these areas: ### LLM Security Specialists - Prompt injection methodologies and defenses - Evasion technique analysis - Model behavior boundary testing ### Red Team Practitioners - Realistic attack scenario development - Methodology for real-world testing - Effective reporting approaches ### Policy and Governance Experts - Responsible disclosure frameworks - Security policy development - Regulatory compliance considerations ### AI Researchers - Novel attack vector discovery - Theoretical vulnerability analysis - Cross-model comparison methodologies ## Review Process 1. Initial review by a project maintainer (typically within 5 business days) 2. Technical review if the contribution involves complex changes 3. Security review for contributions involving attack methodologies 4. Final approval and merge by a maintainer ## Recognition All contributors will be acknowledged in the project's contributor list, and significant contributions may be highlighted in release notes and publications based on this work. ## Code of Conduct All contributors are expected to adhere to the project's [Code of Conduct](CODE_OF_CONDUCT.md). ## Questions? If you have questions about contributing, please open a discussion in the GitHub repository or contact the project maintainers at security@AISecForge.org. Thank you for helping make AISecForge better!