A Software Assurance Reference Dataset: Thousands of Programs With Known Bugs
The Software Assurance Reference Dataset (SARD) is a growing collection of over 170 000 programs with precisely located bugs. The programs are in C, C++, Java, PHP, and C# and cover more than 150 classes of weaknesses, such as SQL injection, cross-site scripting (XSS), buffer overflow, and use of a...
Published in | Journal of research of the National Institute of Standards and Technology Vol. 123; pp. 1 - 3 |
---|---|
Main Author | |
Format | Journal Article |
Language | English |
Published | United States [Gaithersburg, MD] : U.S. Dept. of Commerce, National Institute of Standards and Technology 16.04.2018 |
Subjects | |
Online Access | Get full text |
ISSN | 2165-7254 1044-677X 2165-7254 |
DOI | 10.6028/jres.123.005 |
Abstract | The Software Assurance Reference Dataset (SARD) is a growing collection of over
170 000 programs with precisely located bugs. The programs are in C, C++, Java, PHP, and
C# and cover more than 150 classes of weaknesses, such as SQL injection, cross-site
scripting (XSS), buffer overflow, and use of a broken cryptographic algorithm. Most are
automatically generated synthetic programs, each a few pages of code long, but there are
also over 7000 full-sized applications. In addition, SARD has production code and has
hundreds of cases written by hand. The code is typical quality. It is neither pristine
nor obfuscated. Many cases have corresponding “good” cases, in which weaknesses are
fixed, to test for false positives. |
---|---|
ArticleNumber | 123005 |
Author | Black, Paul E. |
Author_xml | – sequence: 1 givenname: Paul E. surname: Black fullname: Black, Paul E. organization: National Institute of Standards and Technology, Information Technology Laboratory, Gaithersburg, MD 20899, USA |
BackLink | https://www.ncbi.nlm.nih.gov/pubmed/34877127$$D View this record in MEDLINE/PubMed |
CitedBy_id | crossref_primary_10_1016_j_future_2024_107504 crossref_primary_10_7717_peerj_cs_975 crossref_primary_10_1109_ACCESS_2022_3216395 crossref_primary_10_1016_j_infsof_2024_107448 crossref_primary_10_1007_s10664_024_10590_1 crossref_primary_10_1109_ACCESS_2024_3380478 crossref_primary_10_1016_j_jisa_2023_103467 crossref_primary_10_1109_ACCESS_2023_3338162 crossref_primary_10_1109_JPROC_2020_2993293 crossref_primary_10_1186_s40537_023_00727_2 crossref_primary_10_1007_s00521_021_05954_3 |
Cites_doi | 10.1109/QRS.2016.29 10.1109/MC.2012.345 |
ContentType | Journal Article |
DBID | AAYXX CITATION NPM 7X8 5PM |
DOI | 10.6028/jres.123.005 |
DatabaseName | CrossRef PubMed MEDLINE - Academic PubMed Central (Full Participant titles) |
DatabaseTitle | CrossRef PubMed MEDLINE - Academic |
DatabaseTitleList | CrossRef |
Database_xml | – sequence: 1 dbid: NPM name: PubMed url: https://proxy.k.utb.cz/login?url=http://www.ncbi.nlm.nih.gov/entrez/query.fcgi?db=PubMed sourceTypes: Index Database |
DeliveryMethod | fulltext_linktorsrc |
Discipline | Sciences (General) Physics |
EISSN | 2165-7254 |
EndPage | 3 |
ExternalDocumentID | PMC7339570 34877127 10_6028_jres_123_005 |
Genre | Journal Article |
ID | FETCH-LOGICAL-c2995-3db7a136685878abb0079d920216b646076e2fb79c01dd682040cf1cea819d913 |
ISSN | 2165-7254 1044-677X |
IngestDate | Thu Aug 21 18:21:11 EDT 2025 Fri Jul 11 11:16:54 EDT 2025 Mon Jul 21 06:04:02 EDT 2025 Thu Apr 24 23:06:57 EDT 2025 Tue Jul 01 02:30:29 EDT 2025 |
IsDoiOpenAccess | false |
IsOpenAccess | true |
IsPeerReviewed | false |
IsScholarly | true |
Keywords | static analysis software quality cybersecurity software assurance |
Language | English |
LinkModel | OpenURL |
MergedId | FETCHMERGED-LOGICAL-c2995-3db7a136685878abb0079d920216b646076e2fb79c01dd682040cf1cea819d913 |
Notes | ObjectType-Article-1 SourceType-Scholarly Journals-1 ObjectType-Feature-2 content type line 23 |
OpenAccessLink | https://doi.org/10.6028/jres.123.005 |
PMID | 34877127 |
PQID | 2608103690 |
PQPubID | 23479 |
PageCount | 3 |
ParticipantIDs | pubmedcentral_primary_oai_pubmedcentral_nih_gov_7339570 proquest_miscellaneous_2608103690 pubmed_primary_34877127 crossref_primary_10_6028_jres_123_005 crossref_citationtrail_10_6028_jres_123_005 |
ProviderPackageCode | CITATION AAYXX |
PublicationCentury | 2000 |
PublicationDate | 2018-04-16 |
PublicationDateYYYYMMDD | 2018-04-16 |
PublicationDate_xml | – month: 04 year: 2018 text: 2018-04-16 day: 16 |
PublicationDecade | 2010 |
PublicationPlace | United States |
PublicationPlace_xml | – name: United States |
PublicationTitle | Journal of research of the National Institute of Standards and Technology |
PublicationTitleAlternate | J Res Natl Inst Stand Technol |
PublicationYear | 2018 |
Publisher | [Gaithersburg, MD] : U.S. Dept. of Commerce, National Institute of Standards and Technology |
Publisher_xml | – name: [Gaithersburg, MD] : U.S. Dept. of Commerce, National Institute of Standards and Technology |
References | 1 2 3 4 5 6 |
References_xml | – ident: 2 – ident: 3 doi: 10.1109/QRS.2016.29 – ident: 4 doi: 10.1109/MC.2012.345 – ident: 6 – ident: 5 – ident: 1 |
SSID | ssj0000649 |
Score | 2.3050249 |
SourceID | pubmedcentral proquest pubmed crossref |
SourceType | Open Access Repository Aggregation Database Index Database Enrichment Source |
StartPage | 1 |
Title | A Software Assurance Reference Dataset: Thousands of Programs With Known Bugs |
URI | https://www.ncbi.nlm.nih.gov/pubmed/34877127 https://www.proquest.com/docview/2608103690 https://pubmed.ncbi.nlm.nih.gov/PMC7339570 |
Volume | 123 |
hasFullText | 1 |
inHoldings | 1 |
isFullTextHit | |
isPrint | |
linkProvider | Directory of Open Access Journals |