Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

SARD: A Software Assurance Reference Dataset

Author(s)

Paul E. Black

Abstract

Software assurance tools examine code for problems. To test such tools, we need programs with known bugs as ground truth. The Software Assurance Reference Dataset (SARD) is a publicly accessible collection of over 100,000 test cases in different programming languages, covering dozens of different classes of weaknesses, such as those in the Common Weakness Enumeration (CWE). The cases range from small, synthetic cases to production code, such as Google Chrome. In addition to collecting test cases, we are also working on a more precise and nuanced description language for weaknesses. We show examples such as heartbleed and Ghost.
Citation
Cybersecurity Innovation Forum

Keywords

software assurance, programming languages

Citation

Black, P. (1970), SARD: A Software Assurance Reference Dataset, Cybersecurity Innovation Forum, [online], http://www.fbcinc.com/e/cif/ (Accessed May 30, 2024)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created May 7, 2017, Updated February 19, 2017