NIST Makes Major Upgrade to SAMATE Reference Dataset

Carlton Purvis

The SAMATE Reference Dataset (SRD) is a database that provides security developers with a set of known security flaws to consider when creating cybersecurity software. That database just got a lot larger.

In a release on Tuesday, the National Institute of Standards and Technology (NIST) said computer scientists have “dramatically enlarged” the database. The new and improved version of SRD contains 175 weakness categories that include more than 60,000 specific cases of code errors. This is 100 more categories and 30 times the number of cases in the last version of SRD.

According to the NIST release:

“A complex piece of software like an operating system or a Web browser usually requires the combined effort of multiple programmers to write up to millions of lines of computer code. Before their software hits the market, it first must be put through its paces to make sure it not only works as desired under a multitude of different circumstances, but also that it is not vulnerable to cyberattack.

The act of checking out software in this fashion has become so complicated in and of itself that developers created another type of labor-saving program called a ‘static analyzer’ to help with the checking. Static analyzers doggedly run through the code looking for obvious problems, but they can only find the weaknesses they have been programmed to find—which is where the SRD comes in.”

The database is fully searchable by language, type of weakness, and code construct. Search results are available in a downloadable Zip file, according to the release.

SRD version 4.0 is available online at
