Versions Compared

Comment: Fixed minor typos.

...

Traditional language standards, such as those for C and C++, include undefined, unspecified, and implementation-defined behaviors that can lead to vulnerabilities when a programmer makes incorrect assumptions about the portability of these behaviors. By contrast, The Java Language Specification more completely specifies language behaviors, because Java is designed to be a cross-platform language. Even then, certain behaviors are left to the discretion of the implementer of the Java Virtual Machine (JVM) or the Java compiler. These guidelines identify such language peculiarities and suggest solutions to help implementers address the issues and let programmers appreciate and understand the limitations of the language and navigate around them.

...

Many of these guidelines are not amenable to automatic detection or correction. In some cases, tool vendors may choose to implement checkers to identify violations of these guidelines. As a federally funded research and development center (FFRDC), the Software Engineering Institute (SEI) is not in a position to recommend particular vendors or tools for this purpose.

...