Rationale
The CERT Oracle Secure Coding Standard for Java focuses on the Java SE 6 Platform environment and includes guidelines that address the issue of secure coding using the Java SE 6 API. The Java Language Specification (3rd edition) [JLS 2005] prescribes the behavior of the Java programming language and serves as the primary reference for the development of this standard.
...
A section dedicated to securing the runtime environment helps enforce many of the guidelines. Software that complies with this standard provides its users with the ability to define fine-grained security policies and to safely execute trusted mobile code on an untrusted system.
Included Libraries
This secure coding standard addresses security issues primarily applicable to the lang and util Base Libraries. Selective advice is also provided for the Other Base Libraries as well as the Integration Libraries. This standard avoids the inclusion of open bugs that have already been marked to be fixed or those that do not have any security ramifications. A functional bug is included only if it is likely to occur with high frequency, causes considerable security concerns, or affects most Java technologies that rely on the core platform. This standard is not limited to security issues specific to the Core API but also includes important security concerns pertaining to the standard extension APIs (the javax package).
Issues not Addressed
There are a number of issues not addressed by this secure coding standard.
Content
This coding standard does not address concerns specific to only one Java-based platform, but applies broadly to all platforms. For example, guidelines that are applicable to Java ME or Java EE alone and not to Java SE are typically not included. Within Java SE, APIs that deal with the user interface (User Interface Toolkits) or the web interface for providing features such as sound, graphical rendering, user account access control, session management, authentication, and authorization are beyond the scope of this standard. However, this does not preclude the standard from discussing networked Java systems in light of the risks associated with improper input validation and injection flaws, and from suggesting appropriate mitigation strategies. This standard assumes that the functional specification of the product correctly identifies and prevents higher-level design and architectural vulnerabilities.
Coding Style
Coding style issues are subjective, and it has proven impossible to develop a consensus on appropriate style guidelines. Consequently, the CERT Oracle Secure Coding Standard for Java does not require any particular coding style to be enforced, only that users define style guidelines and apply them consistently. The easiest way to consistently apply a coding style is with the use of a code formatting tool. Many integrated development environments (IDEs) provide such capabilities.
Tools
As a federally funded research and development center (FFRDC), the SEI is not in a position to recommend particular vendors or tools to enforce the restrictions adopted. The user of this document is free to choose tools, and vendors are encouraged to provide tools to enforce the guidelines.
Controversial Guidelines
In general, the CERT secure coding standards try to avoid the inclusion of controversial guidelines that lack a broad consensus.