Thanks Karen, that site may have enough of what I can use.  Still a  
bit of work to do, but worth pursuing.  The other sources were a bit  
too short on the snippets side, which is my fault for not making the  
question better.

I don't know how many of you used to read the C-Lint ads that said  
"find the bug in this C code".  They were very difficult in all the  
cases I worked at.  :)

The whole point of their ad was that their product would find things  
you couldn't find easily in a manual review.  I want something like  
that.  Just playing "tell me the security flaw in these 3 lines of  
code" will not do quite the same thing.

I will find a copy of Core Java to look through again, but I don't  
recall seeing things in this format when I looked before.

The challenge with this is that I need something that fits well in a  
single PowerPoint slide (so it can be viewed while the participants  
eat).  It also has to be fairly difficult.  I am not sure that just  
"not filtering user input" is sufficiently strong.  I want something  
that would take some thinking.

I expect that I will have to design and format these myself, but I  
would love to have something sooner by using something that already  
did this.

Thanks for the other replies.  I am going to check out the NIST site  
some more.  I will read over the other sites, but using them will take  
more effort than I was hoping for.

Brad

Quoting "Goertzel, Karen [USA]" <goertzel_ka...@bah.com>:

> The NIST SAMATE Reference Dataset has mainly C code in it, but there  
>  is also Java, C++, and PHP. There's a search function that allows   
> you to search by programming language to find what you want.
>
> http://samate.nist.gov/SRD/

_______________________________________________
Secure Coding mailing list (SC-L) SC-L@securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________
