...
This secure coding standard addresses security issues primarily applicable to the lang and util Base Libraries. Selective advice is also provided for Other Base Libraries base libraries as well as the Integration Librariesfor "other base libraries". This standard avoids the inclusion of open bugs that have already been marked to be fixed or those that do not have any security ramifications. A functional bug is only included if it is likely that it occurs with high frequency, causes considerable security concerns or affects most Java technologies that rely on the core platform. This standard is not limited to security issues specific to the Core API but also includes important security concerns pertaining to the standard extension APIs (javax package).
...