Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

SARD: Thousands of Reference Programs for Software Assurance

Published

Author(s)

Paul E. Black

Abstract

A corpus of computer programs with known bugs is useful in determining the ability of tools to find bugs. This article describes the content of NIST's Software Assurance Reference Dataset (SARD), which is a publicly available collection of thousands of programs with known weaknesses. SARD has programs in C, C++, Java, PHP, and C# covering over 150 classes of weaknesses. Most of the test cases are synthetic programs of a page or two of code, but there are over 7,000 full size applications, mostly derived from a dozen base applications. The collection also includes buggy code used in Static Analysis Tool Expositions (SATE). Although not every bug is indicated in every program, the vast majority of weaknesses are noted in files that can be automatically processed. Many test cases are grouped into suites, such as CAS Juliet, IARPA STONESOUP, and Kratkiewicz's buffer overflow. Test cases and suites came from many software developers, tool developers, and academic researchers. Users can search for test cases by language, weakness type, and several other criteria and can then browse, select, and download them. Analysts can cut months off the time needed to evaluate a tool or technique using test cases from the SARD.
Citation
Journal of Cyber Security and Information Systems
Volume
5
Issue
3

Keywords

software assurance, static analysis, programming language test material, software quality, cybersecurity

Citation

Black, P. (2017), SARD: Thousands of Reference Programs for Software Assurance, Journal of Cyber Security and Information Systems, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=923127 (Accessed December 4, 2024)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created October 31, 2017, Updated May 4, 2021