...
This secure coding standard addresses security issues applicable to the lang and util Base Libraries, Other Base Libraries as well as Other Base Libraries. Among the Integration Libraries, currently, only JDBC is supported. This standard avoids the inclusion of open bugs that have already been marked to be fixed or those that do not have any security ramifications. A functional bug is only included if it is likely that it occurs with high frequency, causes considerable security concerns or affects most Java technologies that rely on the core platform. This standard is not limited to security issues specific to the Core API but also includes important security concerns pertaining to the standard extension APIs (javax package).
...