...
SER09-EX0: The readObject() method may invoke the overridable methods defaultReadObject() and readFields() in class java.io.ObjectInputStream [SCG 2009].
Risk Assessment
Invoking overridable methods from the readObject() method can lead to initialization errors.
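The following is an added example, not code from the CERT page: the hypothetical classes Widget and LabeledWidget show the initialization error the rule warns about. Widget.readObject() calls defaultReadObject() (permitted by SER09-EX0) and then the overridable validate(); the subclass override runs while the subclass's own field is still null, because subclass fields are restored only after the superclass's readObject() returns.

```java
import java.io.*;

// Noncompliant: readObject() calls an overridable method.
class Widget implements Serializable {
    private static final long serialVersionUID = 1L;
    private String name;

    Widget(String name) { this.name = name; }

    private void readObject(ObjectInputStream in)
            throws IOException, ClassNotFoundException {
        in.defaultReadObject();   // allowed by SER09-EX0
        validate();               // violates SER09-J: dispatches to a subclass
    }

    // Fix: declare this method private or final so no subclass code can
    // run against an object whose fields are only partly restored.
    protected void validate() {
        if (name == null) throw new IllegalStateException("name missing");
    }
}

class LabeledWidget extends Widget {
    private static final long serialVersionUID = 1L;
    private String label;   // still null while Widget.readObject() runs

    LabeledWidget(String name, String label) { super(name); this.label = label; }

    @Override
    protected void validate() {
        super.validate();
        if (label.isEmpty()) throw new IllegalStateException("empty label"); // NPE
    }
}

public class Ser09Demo {
    public static void main(String[] args) throws Exception {
        // Constructed sample: serialize a valid object, then deserialize it.
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bos)) {
            out.writeObject(new LabeledWidget("w1", "blue"));
        }
        try (ObjectInputStream in = new ObjectInputStream(
                new ByteArrayInputStream(bos.toByteArray()))) {
            in.readObject();   // NullPointerException from LabeledWidget.validate()
        } catch (RuntimeException e) {
            System.out.println("initialization error during deserialization: " + e);
        }
    }
}
```

Making validate() private or final in Widget (or moving the check into a subclass readObject() that runs after defaultReadObject()) removes the failure, since no code then observes the subclass before its fields are restored.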
...
Secure Coding Guidelines for the Java Programming Language, Version 3.0 | Guideline 4-4. Prevent constructors from calling methods that can be overridden
Bibliography
[API 2006] |
| Item 17. Design and document for inheritance or else prohibit it
...