Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

SARD: A Software Assurance Reference Dataset


Paul E. Black


Software assurance tools examine code for problems. To test such tools, we need programs with known bugs as ground truth. The Software Assurance Reference Dataset (SARD) is a publicly accessible collection of over 100,000 test cases in different programming languages, covering dozens of different classes of weaknesses, such as those in the Common Weakness Enumeration (CWE). The cases range from small, synthetic cases to production code, such as Google Chrome. In addition to collecting test cases, we are also working on a more precise and nuanced description language for weaknesses. We show examples such as heartbleed and Ghost.
Cybersecurity Innovation Forum


software assurance, programming languages


Black, P. (1970), SARD: A Software Assurance Reference Dataset, Cybersecurity Innovation Forum, [online], (Accessed May 30, 2024)


If you have any questions about this publication or are having problems accessing it, please contact

Created May 7, 2017, Updated February 19, 2017