Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Juliet 1.3 Test Suite: Changes From 1.2



Paul E. Black


The Juliet test suite is a systematic set of thousands of small test programs in C/C++ and Java exhibiting over 100 classes of errors, such as buffer overflow, OS injection, hardcoded password, absolute path traversal, NULL pointer dereference, uncaught exception, deadlock, and missing release of resource. These test programs should be helpful in determining capabilities of software assurance tools, particularly static analyzers, in Unix, Microsoft Windows, and other environments. Juliet was developed by the National Security Agency's Center for Assured Software and first released in December 2010. It has been enhanced twice since then. Version 1.2 was released in May 2013 with a total of 86,864 test cases. Released in October 2017, version 1.3 fixes about two dozen systematic problems in version 1.2 and adds tests for pre- and postincrement and -decrement operators. This technical note details the changes from version 1.2 to 1.3. This note also lists the systematic problems that we know remain in Juliet 1.3.
Technical Note (NIST TN) - 1995
Report Number


buffer overflow, Bugs Framework (BF), Common Weakness Enumeration (CWE), cybersecurity, integer overflow, Juliet test suite, OS injection bugs, programming language test material, software assurance, software quality, static analysis, static source code analyzers.


Black, P. (2018), Juliet 1.3 Test Suite: Changes From 1.2, Technical Note (NIST TN), National Institute of Standards and Technology, Gaithersburg, MD, [online], (Accessed April 12, 2024)
Created June 14, 2018, Updated May 4, 2021