Contact: Chad Boutin
Computer scientists at the National Institute of Standards and Technology (NIST) have dramatically enlarged a database designed to improve applications that help programmers find weaknesses in software. This database, the SAMATE Reference Dataset (SRD), version 4.0, is a freely available online tool aimed at helping programmers fortify their creations against hackers.
A complex piece of software like an operating system or a Web browser usually requires the combined effort of multiple programmers to write up to millions of lines of computer code. Before their software hits the market, it first must be put through its paces to make sure it not only works as desired under a multitude of different circumstances, but also that it is not vulnerable to cyber attack. The act of checking out software in this fashion has become so complicated in and of itself that developers created another type of labor-saving program called a "static analyzer" to help with the checking. Static analyzers doggedly run through the code looking for obvious problems, but they can only find the weaknesses they have been programmed to find—which is where the SRD comes in.