The CERT Oracle Secure Coding Standard for Java is primarily intended for developers of Java language programs. While this standard focuses on the Java Standard Edition (Platform SE ) 6 Platform environment, it should also be informative (although incomplete) for Java developers working with Java Micro Edition ( ME ) or Java Enterprise Edition ( EE ) and other Java language versions.
While primarily designed for secure systems, this standard is also useful for achieving other quality attributes such as safety, reliability, dependability, robustness, resiliency, availability, and maintainability.
This standard may also be used by
- developers Developers of analyzer tools that who wish to diagnose insecure or nonconforming Java language programs.
- software Software development managers, software acquirers, or other software development and acquisition specialists to establish a proscriptive set of secure coding standards.
- educators Educators as a primary or secondary text for software security courses that teach secure coding in Java
The rules in this standard may be extended with organization-specific rules. However, a program must comply with existing rules to be considered conforming to the standard.
Training may be developed to educate software professionals regarding the appropriate application of secure coding standards. After passing an examination, these trained programmers may also be certified as secure coding professionals.