A group of computer scientists says they have enlarged a database designed to improve applications that help programmers find weaknesses in software.
The team from the National Institute of Standards and Technology has released the SAMATE Reference Dataset version 4.0, a free online tool designed to assist programmers fortify their creations against cyber hackers in addition to minimizing code errors in commercial software.
In order to check newly developed software“™s overall functionality and resistance against cyber attacks, developers commonly use what they call a “static analyzer,“ which analyzes millions of lines of computer code. The problem with this device is that it can only find weaknesses it has been programmed to find, which is where the SRD comes into play.
“The SRD is for companies that build static analyzers, whose use is expanding within the software industry,” says SRD project leader Michael Koo. “It will help their products catch the most common errors in the software they are supposed to check.
SRD version 4.0 is composed of 175 broad categories of weakness types that cover more than 60,000 specific cases of code errors. This is an upgrade from SRD version 3.0, with an additional 100 categories and 30 times the number of cases.
In addition, the dataset is also searchable by language, type of weakness and code construct.
As for the future, the NIST team said they will be working to develop a dataset which includes errors in more languages and has the ability to defects within longer stretches of computer code.