Abstract
The Juliet Test Suite 1.1 is a collection of over 81,000 synthetic C/C++ and Java programs with known flaws. These programs are useful as test cases for testing the effectiveness of static analyzers and other software assurance tools, and are in the public domain. This article describes the structure of Juliet and the test cases comprising it. The cases cover 181 different Common Weakness Enumeration (CWE) entries. Each case consists of a page or two of source code with a specific flaw embedded in a control- or data-flow variant, and most include similar, but non-flawed, code to test tool discrimination. The C/C++ or Java portion of the test suite may be downloaded at
http://samate.nist.gov/SRD/testsuite.php.