Welcome to the NIST SAMATE Reference Dataset Project

The purpose of the SAMATE Reference Dataset (SRD) is to provide users, researchers, and software security assurance tool developers with a set of known security flaws. This will allow end users to evaluate tools and tool developers to test their methods. These test cases are designs, source code, binaries, etc., i.e. from all the phases of the software life cycle. The dataset includes "wild" (production), "synthetic" (written to test or generated), and "academic" (from students) test cases. This database will also contain real software application with known bugs and vulnerabilities. The dataset intends to encompass a wide variety of possible vulnerabilities, languages, platforms, and compilers. The dataset is anticipated to become a large-scale effort, gathering test cases from many contributors. We have more information about the SRD, including goals, structure, test suite selection, etc.

Browse, download, and search the SRD

Anyone can browse or search test cases and download selected cases. Please click here to browse the test case repository; or download selected or all test cases. To find specific test cases, please click here.

How to submit test cases

We welcome submission of software artifacts with security vulnerabilities. We also welcome samples of avoiding or mitigating such vulnerabilities. A test case consists of one or more files that manifests the security error, and metadata about the file(s), such as the platform, language, etc. The submission screen will prompt for this information, before uploading the file(s). Please register or login, then click here to submit test cases.

Acknowledgments

We would like to thank all who have contributed to the SAMATE Reference Dataset.