The Software Assurance Reference Dataset (SARD) is a growing collection of test programs with documented weaknesses. Test cases vary from small synthetic programs to large applications. The programs are in C, C++, Java, PHP, and C#, and cover over 150 classes of weaknesses. The Acknowledgments and Test Case Descriptions page describes the content. The Manual explains how to use the SARD website.
Collection of more than 450,000 test cases
From piece of code to production software
Various types of weaknesses
Covering more than 150 Common Weakness Enumeration classes (CWE)
Nowadays, lack of software security costs billions of dollars to the US economy (source). At SAMATE, we believe software assurance is essential to the Software Development Life Cycle of any project. Our team aims to establish methodologies and advance research in evaluating Software Assurance tools.
The Software Assurance Reference Dataset platform is a wide repository of test cases and test suites helping tool developers improve their solutions and end users find suitable tools for their projects.
We welcome submission of software artifacts with security vulnerabilities. We also welcome samples of avoiding or mitigating such vulnerabilities. To submit test cases or suites, please contact the SAMATE team: samate@list.nist.gov
