
...

These coding guidelines address security issues primarily applicable to the lang and util base libraries as well as to "other base libraries." They exclude open bugs that have already been marked to be fixed and bugs that have no negative security ramifications. A functional bug is included only if it is likely to occur with high frequency, causes considerable security or reliability concerns, or affects most Java technologies that rely on the core platform. These guidelines are not limited to security issues specific to the core API; they also include important reliability and security concerns pertaining to the standard extension APIs (the javax package).

Demonstrating the full range of security features that Java offers requires studying the interaction of code with other components and frameworks. Occasionally, the coding guidelines use examples from popular web and application frameworks such as Spring and Struts and technologies such as Java Server Pages (JSP) to highlight a security vulnerability that cannot be studied in isolation. Third-party libraries and solutions are suggested only when the standard API provides no option to mitigate a vulnerability.

Issues Not Addressed

A number of issues are not addressed by this secure coding standard.

...