...
A Java program can contain both internally developed and third-party code. Code provenance might dictate the trust given to a component. Consequently, data that are transmitted to or accepted from third-party code also flow across a trust boundary. Third-party code might operate in its own trusted domain, in which case any code potentially exported to a third party, such as libraries, should be deployable in well-defined trusted domains. The public API of the potentially exported code can be considered to be a trust boundary. Data flowing across a trust boundary should be validated when the publisher lacks guarantees of validation. A subscriber or client may omit validation when the data flowing into its trust boundary is appropriate for use as is. In all other cases, inbound data must be validated.
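The following Java class is an added example, not code from the original page, showing a public API treated as a trust boundary: the public method validates inbound data, while the package-private method omits validation because its parameter type can only be obtained through validation. The names `AccountDirectory`, `AccountId`, `homeDirectory` and the allow-list pattern are hypothetical.

```java
import java.text.Normalizer;
import java.util.regex.Pattern;

/** Hypothetical exported library class; its public methods form the trust boundary. */
public final class AccountDirectory {

    /** Value type with a private constructor, so holding one is a guarantee of validation. */
    public static final class AccountId {
        private static final Pattern ALLOWED = Pattern.compile("[a-z0-9_]{3,32}");
        private final String value;

        private AccountId(String value) { this.value = value; }

        /** Validates data arriving from outside the trusted domain. */
        public static AccountId parse(String untrusted) {
            if (untrusted == null) {
                throw new IllegalArgumentException("account id is null");
            }
            // Normalize first so equivalent Unicode forms cannot slip past the pattern.
            String s = Normalizer.normalize(untrusted, Normalizer.Form.NFKC);
            if (!ALLOWED.matcher(s).matches()) {
                throw new IllegalArgumentException("account id rejected");
            }
            return new AccountId(s);
        }

        @Override public String toString() { return value; }
    }

    /** Public API: the caller gives no guarantee, so inbound data must be validated. */
    public String homeDirectory(String rawAccountId) {
        return homeDirectory(AccountId.parse(rawAccountId));
    }

    /** Inside the boundary: the type carries the guarantee, so validation is omitted. */
    String homeDirectory(AccountId id) {
        return "/home/" + id;
    }

    public static void main(String[] args) {
        AccountDirectory dir = new AccountDirectory();
        System.out.println(dir.homeDirectory("alice_01"));   // constructed sample input
        try {
            dir.homeDirectory("../etc");                      // constructed sample input
        } catch (IllegalArgumentException e) {
            System.out.println("rejected: " + e.getMessage());
        }
    }
}
```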
...