
The CERT Oracle Java Coding Guidelines focuses on the Java SE 7 Platform environment and includes guidelines that address the issue of secure coding using the Java SE 7 API. The Java Language Specification: Java SE 7 Edition [JLS 2011] prescribes the behavior of the Java programming language and serves as the primary reference for the development of these guidelines.

Traditional language standards, such as those for C and C++, include undefined, unspecified, and implementation-defined behaviors that can lead to vulnerabilities when a programmer makes incorrect assumptions about the portability of these behaviors. By contrast, The Java Language Specification more completely specifies language behaviors, because Java is designed to be a cross-platform language. Even then, certain behaviors are left to the discretion of the implementer of the Java Virtual Machine (JVM) or the Java compiler. These guidelines identify such language peculiarities and suggest solutions to help implementers address the issues and let programmers appreciate and understand the limitations of the language and navigate around them.

...