SARD: A Software Assurance Reference Dataset

Paul E. Black

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

PUBLICATIONS

SARD: A Software Assurance Reference Dataset

Author(s)

Paul E. Black

Abstract

Software assurance tools examine code for problems. To test such tools, we need programs with known bugs as ground truth. The Software Assurance Reference Dataset (SARD) is a publicly accessible collection of over 100,000 test cases in different programming languages, covering dozens of different classes of weaknesses, such as those in the Common Weakness Enumeration (CWE). The cases range from small, synthetic cases to production code, such as Google Chrome. In addition to collecting test cases, we are also working on a more precise and nuanced description language for weaknesses. We show examples such as heartbleed and Ghost.

Citation

Cybersecurity Innovation Forum

Pub Weblink

http://www.fbcinc.com/e/cif/

Pub Type

Websites

Keywords

software assurance, programming languages

Conformance testing, Software research and Software testing

Citation

Black, P. (1970), SARD: A Software Assurance Reference Dataset, Cybersecurity Innovation Forum, [online], http://www.fbcinc.com/e/cif/ (Accessed May 8, 2026)

Additional citation formats

Issues

If you have any questions about this publication or are having problems accessing it, please contact [email protected].

Created May 7, 2017, Updated February 19, 2017

Was this page helpful?