Although not included in The CERT® Oracle® Secure Coding Standard for Java, these guidelines should not be considered less important. Guidelines must be excluded from a coding standard when it is not possible to form a normative requirement. There are many reasons that a normative requirement cannot be formed. Perhaps the most common is that the rule depends on programmer intent. Such rules cannot be automatically enforced unless it is possible for the programmer's intent to be specified, in which case a rule could require consistency between the code and the specified intent. Forming a normative requirement also requires that a violation of that requirement represent a defect in the code. Guidelines have been excluded from the coding standard (but included in this book) in cases where compliance with the guideline is always a good idea, but violating the guideline does not always result in an error. This is because a system cannot be cited for nonconformance without a specific defect. Consequently, coding rules must be very narrowly defined. Coding guidelines can often have a more far-reaching impact on security and reliability just because they can be more broadly defined.

Java Coding Guidelines: 75 Recommendations for Reliable and Secure Programs provides specific advice to Java programmers. The application of these Java coding guidelines will lead to better systems that are more robust and more resistant to attack. These guidelines cover a wide range of products coded in Java for devices such as PCs, game players, mobile phones, home appliances, and automotive electronics.

Many of the guidelines refer to rules in The CERT® Oracle® Secure Coding Standard for Java. These references are of the form "IDS01-J. Normalize strings before validating them," where the first three letters of the reference identify the appropriate chapter of The CERT® Oracle® Secure Coding Standard for Java. For example, IDS refers to Chapter 2, "Input Validation and Data Sanitization (IDS)." The Secure Coding Standard for Java rules are also available in a wiki at https://www.securecoding.cert.org/confluence/display/java/The+CERT+Oracle+Secure+Coding+Standard+for+Java, where they may have been updated since The CERT® Oracle® Secure Coding Standard for Java was published.

Cross references to other guidelines are simply given by the number and title of the guideline.
