NIST Software Assurance Reference Dataset

A project driven by SAMATE Logo of SAMATE

The Software Assurance Reference Dataset (SARD) is a growing collection of test programs with documented weaknesses. Test cases vary from small synthetic programs to large applications. The programs are in C, C++, Java, PHP, and C#, and cover over 150 classes of weaknesses. The Acknowledgments and Test Case Descriptions page describes the content. The Manual explains how to use the SARD website.

  • Collection of more than 450,000 test cases

    From piece of code to production software

  • Various types of weaknesses

    Covering more than 150 Common Weakness Enumeration classes (CWE)

Raising software assurance

Nowadays, lack of software security costs billions of dollars to the US economy (source). At SAMATE, we believe software assurance is essential to the Software Development Life Cycle of any project. Our team aims to establish methodologies and advance research in evaluating Software Assurance tools.

The Software Assurance Reference Dataset platform is a wide repository of test cases and test suites helping tool developers improve their solutions and end users find suitable tools for their projects.

Contributing to this project

We welcome submission of software artifacts with security vulnerabilities. We also welcome samples of avoiding or mitigating such vulnerabilities. To submit test cases or suites, please contact the SAMATE team: samate@list.nist.gov