...
Classes that have security checks in their constructors must beware of finalization attacks, as explained in rule "OBJ05-J. Do not allow access to partially initialized objects."
Classes that are not sensitive but maintain other invariants must be sensitive to the possibility of malicious subclasses accessing or manipulating their data and possibly invalidating their invariants. See rule "OBJ08-J. Provide mutable classes with copy functionality to allow passing instances to untrusted code safely" for more information.
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="ee9bf5fd074dbd20-a5f826c5-492144d6-912db927-326837a7bb4c13b03a888a89"><ac:plain-text-body><![CDATA[ | [[McGraw 1998 | AA. Bibliography#Mcgraw 98]] | Twelve rules for developing more secure Java code | ]]></ac:plain-text-body></ac:structured-macro> | ||
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="1396e85bac97f0e9-5eac7c33-440e4a28-9df78dba-67a76962374e17f1e0f273f5"><ac:plain-text-body><![CDATA[ | [[MITRE 2009 | AA. Bibliography#MITRE 09]] | [CWE-498 | http://cwe.mitre.org/data/definitions/498.html] "Cloneable Class Containing Sensitive Information", [CWE-491 | http://cwe.mitre.org/data/definitions/491.html] "Public cloneable() Method Without Final (aka 'Object Hijack')" | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="f72659a4073c664c-012fb39b-42ed4878-9f738ab6-78df103507e16b98aea45c3d"><ac:plain-text-body><![CDATA[ | [[Wheeler 2003 | AA. Bibliography#Wheeler 03]] | 10.6. Java | ]]></ac:plain-text-body></ac:structured-macro> |
...