Sensitive data in memory can be vulnerable to compromise. An adversary who has control of the file system or can execute code on the same machine as an application may be able to access such data if the application:
...
Using such attacks to compromise sensitive data is far easier while the data is live, and becomes harder once the memory containing the data has been cleared or reclaimed. Sensitive data that remains live beyond the minimum period required for its use has an unnecessarily large window of vulnerability. Consequently, programs must minimize the lifetime of sensitive data.
Currently, complete mitigation requires support from the underlying operating system and JVM. For instance, if swapping sensitive data out to disk is an issue, a secure operating system that disables swapping and hibernation is required.
Noncompliant Code Example
...