Rationale
The CERT Oracle Secure Coding Standard for Java focuses on the Java SE 6 Platform environment and includes guidelines that address the issue of secure coding using the Java SE 6 API. The Java Language Specification (3rd edition) [JLS 2005] prescribes the behavior of the Java programming language and serves as the primary reference for the development of this standard.
Traditional languages such as C and C++ allow unspecified or implementation-defined behavior, which leads to vulnerabilities when a programmer makes assumptions about the underlying behavior of an API or language construct. The Java Language Specification, by contrast, standardizes language requirements where possible, because Java is designed to be a cross-platform language. Even then, certain behaviors are left to the discretion of the implementer of the Java Virtual Machine (JVM) or the Java compiler. This standard identifies such language peculiarities and suggests solutions that help implementers address the issues and help programmers understand the limitations of the language and navigate around them.
...