...
The Java language, its core and extension APIs, and the JVM provide several security features, such as the security manager and access controller, cryptography, automatic memory management, strong type checking, and bytecode verification. These features provide sufficient security for most applications, but their proper use is of paramount importance. These guidelines highlight the pitfalls and caveats associated with the security architecture and stress its correct implementation. Adherence to these guidelines safeguards trusted programs from a plethora of exploitable security bugs that can cause denial of service, information leaks, erroneous computations, and privilege escalation.
Included Libraries
<Note. This diagram needs to be replaced by the one from http://docs.oracle.com/javase/7/docs/ (or removed altogether).><04/11: I replaced the image: Does it need introductory text here?>
Figure 1.1 is a conceptual diagram of Oracle's Java SE products.
Figure 1.1 Java Conceptual Diagram
These coding guidelines address security issues primarily applicable to the lang and util base libraries as well as for "other base libraries." They avoid the inclusion of open bugs that have already been marked to be fixed or those that do not have any negative ramifications. A functional bug is included only if it is likely to occur with high frequency, causes considerable security or reliability concerns, or affects most Java technologies that rely on the core platform. These guidelines are not limited to security issues specific to the core API but also include important reliability and security concerns pertaining to the standard extension APIs (javax package).
...