These example programs demonstrate flaws that may (or may not) be detected by security scanners for C/C++ software. The examples are small, simple C/C++ programs, each of which is meant to evaluate some specific aspect of a security scanner's performance. Overall, the evaluation programs can be categorized as programs used to evaluate the detection of potential vulnerabilities and those used to evaluate resilience against false alarms.