The CERT Oracle Java Coding Guidelines provides 75 guidelines that will help Java programmers develop systems that are reliable and secure. It is written by the authors of The CERT® Oracle® Secure Coding Standard for Java [Long 2011]. That coding standard provides a set of rules for secure coding in the Java programming language. The goal of those rules is to eliminate insecure coding practices that can lead to exploitable vulnerabilities. The Secure Coding Standard establishes normative requirements for software systems. These software systems can then be evaluated for conformance to the coding standard, for example, using the Source Code Analysis Laboratory (SCALe) [Seacord 2013]. However, there are poor Java coding practices that, although they do not warrant inclusion in a secure coding standard for Java, can lead to unreliable or insecure programs.
Although not included in The CERT® Oracle® Secure Coding Standard for Java, these guidelines should not be considered less important. Guidelines must be excluded from a coding standard when it is not possible to form a normative requirement. There are many reasons why a normative requirement cannot be formed. Perhaps the most common is that the rule depends on programmer intent. Such rules cannot be enforced unless the programmer's intent can be specified, in which case a rule could require consistency between the code and the specified intent. Forming a normative requirement also requires that a violation of that requirement represent a defect in the code. Guidelines have been excluded from the coding standard (but included in this book) in cases where compliance with the guideline is always a good idea, but violating the guideline does not always result in an error. This is because you cannot reject a system for nonconformance without a specific defect, which requires that coding rules be very narrowly defined. Frequently, coding guidelines can have a more far-reaching impact on security and reliability precisely because they can be more broadly defined.
Java Coding Guidelines: 75 Recommendations for Reliable and Secure Programs provides specific advice to Java programmers. The CERT Oracle Java Coding Guidelines describes some of these poor coding practices and shows how to avoid them. The application of these Java coding guidelines will lead to better systems that are more robust and more resistant to attack. These guidelines cover a wide range of products coded in Java for devices such as PCs, game players, mobile phones, home appliances, and automotive electronics.
...