A Software Assurance Reference Dataset: Thousands of Programs With Known Bugs


Bibliographic Details
Published in: Journal of Research of the National Institute of Standards and Technology, Vol. 123, pp. 1-3
Main Author: Black, Paul E.
Format: Journal Article
Language: English
Published: United States [Gaithersburg, MD]: U.S. Dept. of Commerce, National Institute of Standards and Technology, 16.04.2018
Summary: The Software Assurance Reference Dataset (SARD) is a growing collection of over 170 000 programs with precisely located bugs. The programs are in C, C++, Java, PHP, and C# and cover more than 150 classes of weaknesses, such as SQL injection, cross-site scripting (XSS), buffer overflow, and use of a broken cryptographic algorithm. Most are automatically generated synthetic programs, each a few pages of code long, but there are also over 7000 full-sized applications. In addition, SARD has production code and hundreds of cases written by hand. The code is of typical quality: it is neither pristine nor obfuscated. Many cases have corresponding “good” cases, in which the weaknesses are fixed, to test for false positives.
ISSN: 2165-7254, 1044-677X
DOI: 10.6028/jres.123.005