...
This coding standard does not address concerns specific to only one Java based platform, but applies broadly to all platforms. For example, guidelines that are applicable to Java ME or Java EE alone and not to Java SE are typically not included. Within Java SE, APIs that deal with the the user interface (User Interface Toolkits) or the web interface for providing features such as sound, graphical rendering, user account access control, session management, authentication and authorization, are beyond the scope of this standard. However, this does not preclude the standard from discussing networked Java systems in light of the risks associated with improper input validation and injection flaws, and suggesting appropriate mitigation strategies. This standard assumes that the functional specification of the product correctly identifies and prevents higher level design and architectural vulnerabilities.
Coding Style
Coding style issues are subjective, and it has proven impossible to develop a consensus on appropriate style guidelines. Consequently, the CERT Sun Microsystems Secure Coding standard for Java does not require any particular coding style to be enforced but only that the user defines style guidelines and apply these guidelines consistently. The easiest way to consistently apply a coding style is with the use of a code formatting tool. Many interactive development environments (IDEs) provide such capabilities.
...