Software systems can be validated as conforming to the CERT Oracle Secure Coding Standard for Java. Source code analysis tools, including compilers and static analysis tools, can be certified as able to validate source code as conforming to this standard.
Source Code
...
Conformance
Conformance to The CERT Oracle Secure Coding Standard for Java can be used as a measure of software security by determining the degree to which a software system complies with the guidelines in this standard. While conformance does not guarantee the absence of vulnerabilities (for example, vulnerabilities resulting from design flaws, or from code outside the scope of the validated guidelines), it does guarantee the absence of the coding errors covered by those guidelines, which are commonly found to be the root causes of vulnerabilities.
The easiest way to validate code as conforming to The CERT Oracle Secure Coding Standard for Java is to use a certified source code analysis tool.
...
Guidelines in this standard are classified into three levels (see 00.7 Priority and Levels). Emphasis should be placed on conformance to Level 1 (L1) guidelines. Software systems that have been validated as complying with all Level 1 guidelines are considered to be L1 Conforming. Software systems can be assessed as L1, L2, or fully conforming depending on the set of guidelines against which the system has been validated.
Rules versus Recommendations
Conformance to secure coding guidelines must be demonstrated to claim compliance with this standard unless an exceptional condition exists. If an exceptional condition is claimed, the exception must correspond to a predefined exceptional condition and the application of this exception must be documented in the source code.
Deviation Procedure
Strict adherence to all guidelines is unlikely. Consequently, deviations associated with individual situations are permissible.
...