Skip to main content
U.S. flag

An official website of the United States government

Dot gov

The .gov means it’s official.
Federal government websites often end in .gov or .mil. Before sharing sensitive information, make sure you’re on a federal government site.


The site is secure.
The https:// ensures that you are connecting to the official website and that any information you provide is encrypted and transmitted securely.

Juliet 1.3 Test Suite: Changes From 1.2



Paul E. Black


The Juliet test suite is a systematic set of thousands of small test programs in C/C++ and Java exhibiting over 100 classes of errors, such as buffer overflow, OS injection, hardcoded password, absolute path traversal, NULL pointer dereference, uncaught exception, deadlock, and missing release of resource. These test programs should be helpful in determining capabilities of software assurance tools, particularly static analyzers, in Unix, Microsoft Windows, and other environments. Juliet was developed by the National Security Agency's Center for Assured Software and first released in December 2010. It has been enhanced twice since then. Version 1.2 was released in May 2013 with a total of 86,864 test cases. Released in October 2017, version 1.3 fixes about two dozen systematic problems in version 1.2 and adds tests for pre- and postincrement and -decrement operators. This technical note details the changes from version 1.2 to 1.3. This note also lists the systematic problems that we know remain in Juliet 1.3.
Technical Note (NIST TN) - 1995
Report Number


buffer overflow, Bugs Framework (BF), Common Weakness Enumeration (CWE), cybersecurity, integer overflow, Juliet test suite, OS injection bugs, programming language test material, software assurance, software quality, static analysis, static source code analyzers.
Created June 14, 2018, Updated August 21, 2019