NOTICE: Due to a lapse in annual appropriations, most of this website is not being updated. Learn more.

Form submissions will still be accepted but will not receive responses at this time. Sections of this site for programs using non-appropriated funds (such as NVLAP) or those that are excepted from the shutdown (such as CHIPS and NVD) will continue to be updated.

U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

SARD: A Software Assurance Reference Dataset

Author(s)

Paul E. Black

Abstract

Software assurance tools examine code for problems. To test such tools, we need programs with known bugs as ground truth. The Software Assurance Reference Dataset (SARD) is a publicly accessible collection of over 100,000 test cases in different programming languages, covering dozens of different classes of weaknesses, such as those in the Common Weakness Enumeration (CWE). The cases range from small, synthetic cases to production code, such as Google Chrome. In addition to collecting test cases, we are also working on a more precise and nuanced description language for weaknesses. We show examples such as heartbleed and Ghost.
Citation
Cybersecurity Innovation Forum
Pub Weblink
http://www.fbcinc.com/e/cif/
Pub Type
Websites

Keywords

software assurance, programming languages
Conformance testing, Software research and Software testing

Citation

Black, P. (1970), SARD: A Software Assurance Reference Dataset, Cybersecurity Innovation Forum, [online], http://www.fbcinc.com/e/cif/ (Accessed October 6, 2025)

Issues

If you have any questions about this publication or are having problems accessing it, please contact [email protected].

Created May 7, 2017, Updated February 19, 2017
Was this page helpful?