...
Although uncommon, some guidelines are entirely non-normative. The following guidelines, for example, are entirely non-normative:
- NUM52-J. Be aware of numeric promotion behavior
- EXP55-JJG. Use the same type for the second and third operands in conditional expressions
Source Code Conformance
Conformance to The CERT Oracle Secure Coding Standard for Java can be used as a security indicator or metric. While conformance does not guarantee the absence of vulnerabilities (for example, vulnerabilities resulting from design flaws), it does guarantee the absence of coding errors that are commonly found to be the root causes of vulnerabilities.
...