SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 269

changes.mady.by.user Carol J. Lallier

Saved on

compared with

New Version Current

changes.mady.by.user Robert Schiela

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Removed unused ref.

Anchor
Abadi 96
Abadi 96

[Abadi 1996] Martin Abadi and Roger Needham, Prudent Engineering Practice for Cryptographic Protocols, IEEE Transactions on Software Engineering, Volume 22, Issue 1, 1996, 6 - 156–15.

Anchor
API 06
Aho 1986
Aho 1986
API 06

[API 2006] Java Platform, Standard Edition 6 API Specification, Oracle, 2011. AnchorAPI 12API 12 [API 2012] Java Platform, Standard Edition 7 API Specification, Oracle, 2012. AnchorAustin 00Austin 00 [Austin 2000] Calvin Austin and Monica Pawlan, Advanced Programming for the Java 2 Platform , Addison-Wesley Longman, Boston, 2000. AnchorBlack 04Black 04 [Black 2004] Paul E. Black and Paul J. Tanenbaum, partial order, in Dictionary of Algorithms and Data Structures [online], Paul E. Black, ed., U.S. National Institute of Standards and Technology, December 17, 2004.
Available at http://xlinux.nist.gov/dads/HTML/partialorder.html. AnchorBlack 06Black 06 [Black 2006] Paul E. Black and Paul J. Tanenbaum, total order, in Dictionary of Algorithms and Data Structures [online], Paul E. Black, ed., U.S. National Institute of Standards and Technology. March 30, 2006.
Available at http://xlinux.nist.gov/dads/HTML/totalorder.html. AnchorBloch 01Bloch 01 [Bloch 2001] Joshua Bloch, Effective Java: Programming Language Guide, Addison-Wesley Professional, Boston, 2001. AnchorBloch 05Bloch 05 [Bloch 2005a] Joshua Bloch and Neal Gafter, Java™ Puzzlers: Traps, Pitfalls, and Corner Cases, Addison-Wesley Professional, Boston, 2005. AnchorBloch 05bBloch 05b [Bloch 2005b] Joshua Bloch and Neal Gafter, Yet More Programming Puzzlers, JavaOne Conference, 2005. AnchorBloch 07Bloch 07 [Bloch 2007] Joshua Bloch, Effective Java™ Reloaded: This Time It's (Not) for Real, JavaOne Conference, 2007. AnchorBloch 08Bloch 08 [Bloch 2008] Joshua Bloch, Effective Java, 2nd ed., Addison-Wesley Professional, Boston, 2008. AnchorBloch 09Bloch 09 [Bloch 2009] Joshua Bloch and Neal Gafter, Return of the Puzzlers: Schlock and Awe, JavaOne Conference, 2009. AnchorBoehm 05Boehm 05 [Boehm 2005] Hans-J. Boehm, Finalization, Threads, and the Java™ Technology-Based Memory Model, JavaOne Conference, 2005. AnchorCampione 96Campione 96 [Campione 1996] Mary Campione and Kathy Walrath, The Java Tutorial: Object-Oriented Programming for the Internet, Addison-Wesley, Reading, MA, 1996. AnchorCCITT 88CCITT 88 [CCITT 1988] CCITT. CCITT Blue Book, Recommendation X.509 and IS0 9594-8: The Directory-Authentication Framework, International Telecommunication Union, Geneva, 1988. AnchorChan 99Chan 99 [Chan 1999] Patrick Chan, Rosanna Lee, and Douglas Kramer, The Java Class Libraries: Supplement for the Java 2 Platform, v1.2, 2nd ed., Volume 1, Prentice Hall, Upper Saddle River, NJ, 1999. AnchorChess 07Chess 07 [Chess 2007] Brian Chess and Jacob West, Secure Programming with Static Analysis, Addison-Wesley Professional, Boston, MA, 2007. AnchorChristudas 05Christudas 05 [Christudas 2005] Internals of Java Class Loading, ONJava, 2005. AnchorCohen 81Cohen 81 [Cohen 1981] On Holy Wars and a Plea for Peace, IEEE Computer, Volume 14, Issue 10, 1981. AnchorConventions 09Conventions 09 [Conventions 2009] Code Conventions for the Java Programming Language, Sun Microsystems, 2009. AnchorCVE 11CVE 11 [CVE 2011] Common Vulnerabilities and Exposures, MITRE Corporation, 2011. Available at http://cve.mitre.org. AnchorCoomes 07Coomes 07 [Coomes 2007] John Coomes, Peter Kessler, and Tony Printezis, Garbage Collection-Friendly Programming, Java SE Garbage Collection Group, Sun Microsystems, JavaOne Conference, 2007. AnchorCore Java 04Core Java 04 [Core Java 2004] Cay S. Horstmann and Gary Cornell, Core Java™ 2, Volume I, Fundamentals, 7th ed., Prentice Hall PTR, Boston, 2004. AnchorCunningham 95Cunningham 95 [Cunningham 1995] Ward Cunningham, The CHECKS Pattern Language of Information Integrity, in Pattern Languages of Program Design, James O Coplien and Douglas C Schmidt (eds.), Addison-Wesley Professional, Reading, MA, 1995. AnchorDaconta 00Daconta 00 [Daconta 2000] Michael C. Daconta, When Runtime.exec() Won't, JavaWorld.com, 2000. AnchorDaconta 03Daconta 03 [Daconta 2003] Michael C. Daconta, Kevin T. Smith, Donald Avondolio, and W. Clay Richardson, More Java Pitfalls, Wiley Publishing, New York, 2003. AnchorDarwin 04Darwin 04 [Darwin 2004] Ian F. Darwin, Java Cookbook, O'Reilly, Sebastopol, CA, 2004. AnchorDavis 08Davis 08 [Davis 2008a] Mark Davis and Ken Whistler, Unicode Standard Annex #15, Unicode Normalization Forms, 2008. AnchorDavis 08bDavis 08b [Davis 2008b] Mark Davis and Michel Suignard, Unicode Technical Report #36, Unicode Security Considerations, 2008. AnchorDennis 1966Dennis 1966 [Dennis 1966] Jack B. Dennis and Earl C. Van Horn, Programming Semantics for Multiprogrammed Computations, Communications of the ACM, Volume 9, Issue 3, March 1966, pp. 143-155, DOI=10.1145/365230.365252. AnchorDHS 06DHS 06 [DHS 2006] Build Security In, U.S. Department of Homeland Security, 2006. AnchorDormann 08Dormann 08 [Dormann 2008] Will Dormann, Signed Java Applet Security: Worse than ActiveX?, CERT Vulnerability Analysis Blog, 2008. AnchorDoshi 03Doshi 03 [Doshi 2003] Gunjan Doshi, Best Practices for Exception Handling, ONJava.com, 2003. AnchorDougherty 2009Dougherty 2009 [Dougherty 2009] Chad Dougherty, Kirk Sayre, Robert C. Seacord, David Svoboda, and Kazuya Togashi, Secure Design Patterns, CMU/SEI-2009-TR-010, Defense Technical Information Center, Ft. Belvoir, VA, 2009. AnchorEclipse 08Eclipse 08 [Eclipse 2008] The Eclipse Platform, 2008. AnchorEncodings 06Encodings 06 [Encodings 2006] Supported Encodings, Sun Microsystems, 2006. AnchorEMA 2011EMA 2011 [EMA 2011] Java SE 6 Documentation, Extension Mechanism Architecture, Sun Microsystems, 2011. AnchorEnterprise 03Enterprise 03 [Enterprise 2003] The O'Reilly Java Authors, Java Enterprise Best Practices, O'Reilly, Sebastopol, CA, 2003. AnchorESA 05ESA 05 [ESA 2005] Java Coding Standards, prepared by European Space Agency (ESA) Board for Software Standardisation and Control (BSSC), 2005. AnchorFairbanks 07Fairbanks 07 [Fairbanks 2007] Design Fragments, Defense Technical Information Center, Ft. Belvoir, VA, 2007. AnchorFindBugs 08FindBugs 08 [FindBugs 2008] FindBugs Bug Descriptions, 2008. AnchorFisher 03Fisher 03 [Fisher 2003] Maydene Fisher, Jon Ellis, and Jonathan Bruce, JDBC API Tutorial and Reference, 3rd ed., Addison-Wesley, Boston, MA, 2003. AnchorFlanagan 05Flanagan 05 [Flanagan 2005] David Flanagan, Java in a Nutshell, 5th ed., O'Reilly, Sebastopol, CA, 2005. AnchorForman 05Forman 05 [Forman 05] Ira R. Forman and Nate Forman, Java Reflection in Action, Manning Publications, Greenwich, CT, 2005. AnchorFortify 08Fortify 08 [Fortify 2008] A Taxonomy of Coding Errors that Affect Security, Java/JSP, Fortify Software, 2008. AnchorFox 01Fox 01 [Fox 2001] Joshua Fox, When Is a Singleton Not a Singleton?, Sun Developer Network, 2001. AnchorFT 08FT 08 [FT 2008] Function Table Class FunctionTable, Field detail, public static FuncLoader m_functions, 2008. AnchorGafter 06Gafter 06 [Gafter 2006] Neal Grafter, Neal Gafter's blog, 2006. AnchorGamma 95Gamma 95 [Gamma 1995] Erich Gamma, Richard Helm, Ralph Johnson, and John M. Vlissides, Design Patterns: Elements of Reusable Object-Oriented Software, Addison-Wesley Professional, Boston, MA, 1995. AnchorGarfinkel 96Garfinkel 96 [Garfinkel 1996] Simson Garfinkel and Gene Spafford, Practical UNIX & Internet Security, 2nd ed., O'Reilly, Sebastopol, CA, 1996. AnchorGarms 01Garms 01 [Garms 2001] Jess Garms and Daniel Somerfield, Professional Java Security, Wrox Press, Chicago, 2001. AnchorGoetz 02Goetz 02 [Goetz 2002] Brian Goetz, Java Theory and Practice: Don't Let the "this" Reference Escape during Construction, IBM developerWorks (Java technology), 2002. AnchorGoetz 04Goetz 04 [Goetz 2004a] Brian Goetz, Java Theory and Practice: Garbage Collection and Performance, IBM developerWorks (Java technology), 2004. AnchorGoetz 04bGoetz 04b [Goetz 2004b] Brian Goetz,Java Theory and Practice: The Exceptions Debate: To Check, or Not to Check?, IBM developerWorks (Java technology), 2004. AnchorGoetz 04cGoetz 04c [Goetz 2004c] Brian Goetz, Java Theory and Practice: Going Atomic, IBM developerWorks (Java technology), 2004. AnchorGoetz 05Goetz 05 [Goetz 2005a] Brian Goetz, Java Theory and Practice: Be a Good (Event) Listener, Guidelines for Writing and Supporting Event Listeners, IBM developerWorks (Java technology), 2005. AnchorGoetz 05bGoetz 05b [Goetz 2005b] Brian Goetz, Java Theory and Practice: Plugging Memory Leaks with Weak References, IBM developerWorks (Java technology), 2005. AnchorGoetz 06Goetz 06 [Goetz 2006a] Brian Goetz, Tim Peierls, Joshua Bloch, Joseph Bowbeer, David Holmes, and Doug Lea, Java Concurrency in Practice, Addison-Wesley Professional, Boston, MA, 2006. AnchorGoetz 06bGoetz 06b [Goetz 2006b] Brian Goetz, Java Theory and Practice: Good Housekeeping Practices, IBM developerWorks (Java technology), 2006. AnchorGoetz 07Goetz 07 [Goetz 2007] Brian Goetz, Java Theory and Practice: Managing Volatility, Guidelines for Using Volatile Variables, IBM developerWorks (Java technology), 2006. AnchorGoldberg 91Goldberg 91 [Goldberg 1991] David Goldberg, What Every Computer Scientist Should Know about Floating-Point Arithmetic, Sun Microsystems, March 1991. AnchorGong 03Gong 03 [Gong 2003] Li Gong, Gary Ellison, and Mary Dageforde, Inside Java 2 Platform Security: Architecture, API Design, and Implementation, 2nd ed., Prentice Hall, Boston, MA, 2003. AnchorGrand 02Grand 02 [Grand 2002] Mark Grand, Patterns in Java, Volume 1, 2nd ed., Wiley, New York, 2002. AnchorGreanier 00Greanier 00 [Greanier 2000] Todd Greanier, Discover the Secrets of the Java Serialization API, Sun Developer Network (SDN), 2000. AnchorGreen 08Green 08 [Green 2008] Roedy Green, Canadian Mind Products Java & Internet Glossary, 2008. AnchorGrigg 06Grigg 06 [Grigg 2006] Jeffery Grigg, Reflection On Inner Classes, 2006. AnchorGrosso 01Grosso 01 [Grosso 2001] William Grosso, Java RMI, O'Reilly, Sebastopol, CA, 2001. AnchorGupta 05Gupta 05 [Gupta 2005] Satish Chandra Gupta and Rajeev Palanki, Java Memory Leaks - Catch Me If You Can, 2005. AnchorHaack 06Haack 06 [Haack 2006] Christian Haack, Erik Poll, Jan Schafer and Aleksy Schubert, Immutable Objects in Java, 2006. AnchorHaggar 00Haggar 00 [Haggar 2000] Peter Haggar, Practical Java™ Programming Language Guide, Addison-Wesley Professional, Boston, MA, 2000. AnchorHalloway 00Halloway 00 [Halloway 2000] Stuart Halloway, Java Developer Connection Tech Tips, March 28, 2000. AnchorHalloway 01Halloway 01 [Halloway 2001] Stuart Halloway, Java Developer Connection Tech Tips, January 30, 2001. AnchorHarold 97Harold 97 [Harold 1997] Elliotte Rusty Harold, Java Secrets, Wiley, New York, 1997. AnchorHarold 99Harold 99 [Harold 1999] Elliotte Rusty Harold, Java I/O, O'Reilly, Sebastopol, CA, 1999. AnchorHarold 06Harold 06 [Harold 2006] Elliotte Rusty Harold, Java I/O, 2nd ed., O'Reilly, Sebastopol, CA, 2006. AnchorHawtin 08Hawtin 08 [Hawtin 2008] Thomas Hawtin, Secure Coding Antipatterns: Preventing Attacks and Avoiding Vulnerabilities, Sun Microsystems, Make it Fly 2008, London. 2008. AnchorHeffley 2004Heffley 2004 [Heffley 2004] J. Heffley and P. Meunier, Can Source Code Auditing Software Identify Common Vulnerabilities and Be Used to Evaluate Software Security? Proceedings of the 37th Annual Hawaii International Conference on System Sciences (HICSS–04), Track 9, Volume 9, IEEE Computer Society, January 2004. AnchorHenney 03Henney 03 [Henney 2003] Kevlin Henney, Null Object, Something for Nothing, 2003. AnchorHitchens 02Hitchens 02 [Hitchens 2002] Ron Hitchens, Java™ NIO, O'Reilly, Sebastopol, CA, 2002. AnchorHornig 07Hornig 07 [Hornig 2007] Charles Hornig, Advanced Java™ Globalization,JavaOne Conference, 2007. AnchorHovemeyer 07Hovemeyer 07 [Hovemeyer 2007] David Hovemeyer and William Pugh, Finding More Null Pointer Bugs, But Not Too Many, Proceedings of the 7th ACM SIGPLAN-SIGSOFT workshop on Program Analysis for Software Tools and Engineering, 2007. AnchorHoward 02Howard 02 [Howard 2002] Michael Howard and David C. LeBlanc, Writing Secure Code, 2nd ed., Microsoft Press, Redmond, WA, 2002. AnchorHunt 98Hunt 98 [Hunt 1998] J. Hunt and F. Long, Java's Reliability: An Analysis of Software Defects in Java, Software IEEE Proceedings, 1998. AnchorIEC 60812 2006IEC 60812 2006 [IEC 60812 2006] Analysis Techniques for System Reliability — Procedure for Failure Mode and Effects Analysis (FMEA), 2nd ed., International Electrotechnical Commission, Geneva, Switzerland, 2006. AnchorIEEE 754 2006IEEE 754 2006 [IEEE 754 2006] IEEE, Standard for Binary Floating-Point Arithmetic (IEEE 754-1985), 2006. AnchorISO/IEC TR 24772-2010ISO/IEC TR 24772-2010 [ISO/IEC TR 24772:2010] ISO/IEC TR 24772. Information TechnologyProgramming LanguagesGuidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use, October 2010. AnchorISO/IEC TR 24772-2013ISO/IEC TR 24772-2013[ISO/IEC TR 24772:2013] ISO/IEC TR 24772:2013. Information Technology—Programming Languages—Guidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use.  Geneva, Switzerland: International Organization for Standardization, March 2013. AnchorJ2SE 00J2SE 00 [J2SE 2000] Java™ 2 SDK, Standard Edition Documentation, Sun Microsystems, J2SE Documentation version 1.3, Sun Microsystems, 2000. AnchorJ2SE 11J2SE 11 [J2SE 2011] Java™ SE 7 Documentation, J2SE Documentation version 1.7, Oracle Corporation, 2011. AnchorJarSpec 08JarSpec 08 [JarSpec 2008] J2SE Documentation version 1.5, Jar File Specification, Sun Microsystems, 2000. AnchorJava 06Java 06 [Java 2006] Java - The Java Application Launcher, Sun Microsystems, 2006. AnchorJava2NS 99Java2NS 99 [Java2NS 1999] Marco Pistoia, Duane F. Reller, Deepak Gupta, Milind Nagnur, and Ashok K. Ramani, Java 2 Network Security, Prentice Hall, Upper Saddle River, NJ, 1999. AnchorJavaGenerics 04JavaGenerics 04 [JavaGenerics 2004] Oracle, Generics, Sun Microsystems, 2004. AnchorJavaThreads 99JavaThreads 99 [JavaThreads 1999] Scott Oaks and Henry Wong, Java Threads, 2nd ed., O'Reilly, Sebastopol, CA, 1999. AnchorJavaThreads 04JavaThreads 04 [JavaThreads 2004] Scott Oaks and Henry Wong, Java Threads, 3rd ed., O'Reilly, Sebastopol, CA, 2004. AnchorJDK7 08JDK7 08 [JDK7 2008] Java™Platform, Standard Edition 7 documentation, Sun Microsystems, December 2008. AnchorJLS 05JLS 05 [JLS 2005] James Gosling, Bill Joy, Guy Steele, and Gilad Bracha, The Java Language Specification, 3rd ed., Prentice Hall, Upper Saddle River, NJ, 2005. AnchorJMX 06JMX 06 [JMX 2006] Monitoring and Management for the Java Platform, Sun Microsystems, 2006. AnchorJMXG 06JMXG 06 [JMXG 2006] Java SE Monitoring and Management Guide, Sun Microsystems, 2006. AnchorJNI 06JNI 06 [JNI 2006] Java Native Interface, Sun Microsystems, 2006. Anchor Jovanovic 06 Jovanovic 06 [Jovanovic 2006] Nenad Jovanovic, Christopher Kruegel, and Engin Kirda, Pixy: A Static Analysis Tool for Detecting Web Application Vulnerabilities (Short Paper), Proceedings of the 2006 IEEE Symposium on Security and Privacy (S&P'06), pp.258–263, May 21–24, 2006. AnchorJPDA 04JPDA 04 [JPDA 2004] Java Platform Debugger Architecture (JPDA), Sun Microsystems, 2004. AnchorJPL 06JPL 06 [JPL 2006] Ken Arnold, James Gosling, and David Holmes, The Java™ Programming Language, 4th ed., Addison-Wesley Professional, Boston, MA, 2006. AnchorJSR-133 04JSR-133 04 [JSR-133 2004] JSR-133: Java™ Memory Model and Thread Specification, 2004. AnchorJVMTI 06JVMTI 06 [JVMTI 2006] Java Virtual Machine Tool Interface (JVM TI), Sun Microsystems, 2006. AnchorJVMSpec 99JVMSpec 99 [JVMSpec 1999] The Java Virtual Machine Specification, Sun Microsystems, 1999. AnchorKabanov 09Kabanov 09 [Kabanov 2009] Jevgeni Kabanov, The Ultimate Java Puzzler, February 16th, 2009. AnchorKabutz 01Kabutz 01 [Kabutz 2001] Heinz M. Kabutz, The Java Specialists' Newsletter, 2001. AnchorKalinovsky 04Kalinovsky 04 [Kalinovsky 2004] Alex Kalinovsky, Covert Java: Techniques for Decompiling, Patching, and Reverse Engineering, SAMS Publishing, Boston, 2004. AnchorKnoernschild 01Knoernschild 01 [Knoernschild 2001] Kirk Knoernschild, Java™ Design: Objects, UML, and Process, Addison-Wesley Professional, Boston, MA, 2001. AnchorLai 08Lai 08

[Lai 2008] Charlie Lai, Java Insecurity: Accounting for Subtleties That Can Compromise Code , 2008.

...

Aho 1986] Aho, Alfred V.; Sethi, Ravi; Ullman, Jeffrey D. "Compilers: Principles, Techniques, and Tools" (2nd ed.), 1986.

 

Anchor
AndroidAPI 13
AndroidAPI 13

[Android API 2013] Android API. Package Index, Android, 2013.

Anchor
AndroidGuides 13
AndroidGuides 13

[Android Guide 2013] Android API Guides, Introduction to Android, Android, 2013.

Anchor
AndroidSecurity
AndroidSecurity

[Android Security] Security Tips, Android Training.

Anchor
Apache 14
Apache 14

[Apache 2014] Apache Tika: A Content Analysis Toolkit, Apache Software Foundation, 2014.

Anchor
Apache 15
Apache 15

[Apache 2015] Apache Tomcat, Apache Software Foundation, 2015.

Anchor
API 06
API 06

[API 2006] Java Platform, Standard Edition 6 API Specification, Oracle, 2011.

Anchor
API 12
API 12

[API 2012] Java Platform, Standard Edition 7 API Specification, Oracle, 2012.

Anchor
API 13
API 13

[API 2013] Java Platform, Standard Edition 7 API Specification, Oracle, 2013.

Anchor
J2EE API 13
J2EE API 13

[J2EE API 2013] Java Platform, Extended Edition 7 API Specification, Oracle, 2013.

Anchor
API 14
API 14

[API 2014] Java Platform, Standard Edition 8 API Specification, Oracle, 2014.

Anchor
Arnold 06
Arnold 06

[Arnold 2006] Ken Arnold, James Gosling, and David Holmes. The Java Programming Language, 4th ed., Addison-Wesley, Boston, 2006.

Anchor
Austin 00
Austin 00

[Austin 2000] Calvin Austin and Monica Pawlan, Advanced Programming for the Java 2 Platform, Addison-Wesley Longman, Boston, 2000.

Anchor
Black 04
Black 04

[Black 2004] Paul E. Black and Paul J. Tanenbaum, partial order, in Dictionary of Algorithms and Data Structures [online], Paul E. Black, ed., U.S. National Institute of Standards and Technology, December 17, 2004.

Anchor
Black 06
Black 06

[Black 2006] Paul E. Black and Paul J. Tanenbaum, total order, in Dictionary of Algorithms and Data Structures [online], Paul E. Black, ed., U.S. National Institute of Standards and Technology. March 30, 2006.

Anchor
Bloch 01
Bloch 01

[Bloch 2001] Joshua Bloch, Effective Java: Programming Language Guide, Addison-Wesley Professional, Boston, 2001.

Anchor
Bloch 05
Bloch 05

[Bloch 2005a] Joshua Bloch and Neal Gafter, Java™ Puzzlers: Traps, Pitfalls, and Corner Cases, Addison-Wesley Professional, Boston, 2005.

Anchor
Bloch 05b
Bloch 05b

[Bloch 2005b] Joshua Bloch and Neal Gafter, Yet More Programming Puzzlers, JavaOne Conference, 2005.

Anchor
Bloch 07
Bloch 07

[Bloch 2007] Joshua Bloch, Effective Java™ Reloaded: This Time It's (Not) for Real, JavaOne Conference, 2007.

Anchor
Bloch 08
Bloch 08

[Bloch 2008] Joshua Bloch, Effective Java™: Programming Language Guide, 2nd ed., Addison-Wesley Professional, Boston, 2008.

Anchor
Bloch 09
Bloch 09

[Bloch 2009] Joshua Bloch and Neal Gafter, Return of the Puzzlers: Schlock and Awe, JavaOne Conference, 2009.

Anchor
Boehm 05
Boehm 05

[Boehm 2005] Hans-J. Boehm, Finalization, Threads, and the Java™ Technology-Based Memory Model, JavaOne Conference, 2005.

Anchor
Campione 96
Campione 96

[Campione 1996] Mary Campione and Kathy Walrath, The Java Tutorial: Object-Oriented Programming for the Internet, Addison-Wesley, Reading, MA, 1996.

Anchor
CCITT 88
CCITT 88

[CCITT 1988] International Telegraph and Telephone Consultative Committee (CCITT). CCITT Blue Book, Recommendation X.509 and IS0 9594-8: The Directory-Authentication Framework, International Telecommunication Union, Geneva, 1988.

Anchor
Chan 99
Chan 99

[Chan 1999] Patrick Chan, Rosanna Lee, and Douglas Kramer, The Java Class Libraries: Supplement for the Java 2 Platform, Volume 1.2, 2nd ed., Prentice Hall, Upper Saddle River, NJ, 1999.

Anchor
Chess 07
Chess 07

[Chess 2007] Brian Chess and Jacob West, Secure Programming with Static Analysis, Addison-Wesley Professional, Boston, 2007.

Anchor
Chen 14
Chen 14

[Chen 14] Eric Chen, Yutong Pei, Shuo Chen, Yuan Tian, Robert Kotcher, and Patrick Tague. "OAuth Demystified for Mobile Application Developers.", 2014.

Anchor
Chin 11
Chin 11

[Chin 2011] Erika Chin, Adrienne Porter Felt, Kate Greenwood, and David Wagner, Analyzing Inter-Application Communication in Android, Proc. MobiSys '11: Proceedings of the 9th International Conference on Mobile Systems, Applications, and Services, pp. 239–252, ACM, New York, 2011.

Anchor
Christudas 05
Christudas 05

[Christudas 2005] Internals of Java Class Loading, ONJava, 2005.

Anchor
Cohen 81
Cohen 81

[Cohen 1981] On Holy Wars and a Plea for Peace, IEEE Computer, Volume 14, Issue 10, 1981.

Anchor
Conventions 09
Conventions 09

[Conventions 2009] Code Conventions for the Java Programming Language, Sun Microsystems, 2009.

Anchor
Coomes 07
Coomes 07

[Coomes 2007] John Coomes, Peter Kessler, and Tony Printezis, Garbage Collection-Friendly Programming, Java SE Garbage Collection Group, Sun Microsystems, JavaOne Conference, 2007.

Anchor
Core Java 04
Core Java 04

[Core Java 2004] Cay S. Horstmann and Gary Cornell, Core Java™ 2, Volume I, Fundamentals, 7th ed., Prentice Hall PTR, Boston, 2004.

Anchor
Coverity 07
Coverity 07

[Coverity 2007] Coverity Prevent User's Manual (3.3.0). Coverity, 2007.

Anchor
Cunningham 95
Cunningham 95

[Cunningham 1995] Ward Cunningham, The CHECKS Pattern Language of Information Integrity, in Pattern Languages of Program Design, James O. Coplien and Douglas C. Schmidt (eds.), Addison-Wesley Professional, Reading, MA, 1995.

Anchor
CVE 11
CVE 11

[CVE 2011] Common Vulnerabilities and Exposures, MITRE Corporation, 2011.

Anchor
Daconta 00
Daconta 00

[Daconta 2000] Michael C. Daconta, When Runtime.exec() Won't, JavaWorld.com, 2000.

Anchor
Daconta 03
Daconta 03

[Daconta 2003] Michael C. Daconta, Kevin T. Smith, Donald Avondolio, and W. Clay Richardson, More Java Pitfalls, Wiley, New York, 2003.

Anchor
Darwin 04
Darwin 04

[Darwin 2004] Ian F. Darwin, Java Cookbook, O'Reilly, Sebastopol, CA, 2004.

Anchor
Davis 08
Davis 08

[Davis 2008a] Mark Davis and Ken Whistler, Unicode Standard Annex #15, Unicode Normalization Forms, 2008.

Anchor
Davis 08b
Davis 08b

[Davis 2008b] Mark Davis and Michel Suignard, Unicode Technical Report #36, Unicode Security Considerations, 2008.

Anchor
Dennis 1966
Dennis 1966

[Dennis 1966] Jack B. Dennis and Earl C. Van Horn, Programming Semantics for Multiprogrammed Computations, Communications of the ACM, Volume 9, Issue 3, March 1966, pp. 143–155, DOI=10.1145/365230.365252.

Anchor
DHS 06
DHS 06

[DHS 2006] Build Security In, U.S. Department of Homeland Security, 2006.

Anchor
Dormann 08
Dormann 08

[Dormann 2008] Will Dormann, Signed Java Applet Security: Worse than ActiveX?, CERT Vulnerability Analysis Blog, 2008.

Anchor
Doshi 03
Doshi 03

[Doshi 2003] Gunjan Doshi, Best Practices for Exception Handling, ONJava.com, 2003.

Anchor
Dougherty 2009
Dougherty 2009

[Dougherty 2009] Chad Dougherty, Kirk Sayre, Robert C. Seacord, David Svoboda, and Kazuya Togashi, Secure Design Patterns, CMU/SEI-2009-TR-010, Defense Technical Information Center, Ft. Belvoir, VA, 2009.

Anchor
Eclipse 08
Eclipse 08

[Eclipse 2008] The Eclipse Platform, 2008.

Anchor
Egele 2013
Egele 2013

[Egele 2013] Manuel Egele, David Brumley, Yanick Fratantonio, and Christopher Kruegel. An Empirical Study of Cryptographic Misuse in Android Applications, Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, pp.73–84, 2013.

Anchor
EMA 2011
EMA 2011
Anchor
EMA 14
EMA 14

[EMA 2014] Java SE Documentation, Extension Mechanism Architecture, Oracle, 1993, 2014.

Anchor
Enck 09
Enck 09

[Enck 2009] William Enck, Machigar Ongtang, Patrick Drew McDaniel, and others. Understanding Android Security, IEEE Security & Privacy, vol. 7, 1, p. 50–57, 2009.

Anchor
Encodings 2014
Encodings 2014

[Encodings 2014] Supported Encodings, Oracle, 2014.

Anchor
Enterprise 03
Enterprise 03

[Enterprise 2003] The O'Reilly Java Authors, Java Enterprise Best Practices, O'Reilly, Sebastopol, CA, 2003.

Anchor
ESA 05
ESA 05

[ESA 2005] Java Coding Standards, prepared by European Space Agency (ESA) Board for Software Standardisation and Control (BSSC), 2005.

Anchor
Fahl 2012
Fahl 2012

[Fahl 2012]  Fahl, Sascha, et al. "Why Eve and Mallory love Android: An analysis of Android SSL (in) security." Proceedings of the 2012 ACM Conference on Computer and Communications Security. ACM, 2012.

Anchor
Fairbanks 07
Fairbanks 07

[Fairbanks 2007] Design Fragments, Defense Technical Information Center, Ft. Belvoir, VA, 2007.

Anchor
FindBugs 08
FindBugs 08

[FindBugs 2008] FindBugs Bug Descriptions, 2008.

Anchor
Fisher 03
Fisher 03

[Fisher 2003] Maydene Fisher, Jon Ellis, and Jonathan Bruce, JDBC API Tutorial and Reference, 3rd ed., Addison-Wesley, Boston, 2003.

Anchor
Flanagan 05
Flanagan 05

[Flanagan 2005] David Flanagan, Java in a Nutshell, 5th ed., O'Reilly, Sebastopol, CA, 2005.

Anchor
Forman 05
Forman 05

[Forman 05] Ira R. Forman and Nate Forman, Java Reflection in Action, Manning Publications, Greenwich, CT, 2005.

Anchor
Fortify 08
Fortify 08
Anchor
Fortify 14
Fortify 14

[Fortify 2014] A Taxonomy of Coding Errors That Affect Security, Java/JSP, Fortify Software, 2014.

Anchor
Fox 01
Fox 01

[Fox 2001] Joshua Fox, When Is a Singleton Not a Singleton?, Sun Developer Network, 2001.

Anchor
Fritz 2014
Fritz 2014

[Fritz 2014] C. Fritz, S. Arzt, S. Rasthofer, E. Bodden, A. Bartel, J. Klein,Y. le Traon, D. Octeau, and P. McDaniel. FlowDroid: Precise Context, Flow, Field, Object-sensitive and Lifecycle-aware Taint Analysis for Android Apps. In Proc. PLDI, 2014. To appear.

Anchor
FT 08
FT 08

[FT 2008] Function Table Class FunctionTable, Field detail, public static FuncLoader m_functions, 2008.

Anchor
Gafter 06
Gafter 06

[Gafter 2006] Neal Grafter, Neal Gafter's blog, 2006.

Anchor
Gamma 95
Gamma 95

[Gamma 1995] Erich Gamma, Richard Helm, Ralph Johnson, and John M. Vlissides, Design Patterns: Elements of Reusable Object-Oriented Software, Addison-Wesley Professional, Boston, 1995.

Anchor
Garfinkel 96
Garfinkel 96

[Garfinkel 1996] Simson Garfinkel and Gene Spafford, Practical UNIX & Internet Security, 2nd ed., O'Reilly, Sebastopol, CA, 1996.

Anchor
Garms 01
Garms 01

[Garms 2001] Jess Garms and Daniel Somerfield, Professional Java Security, Wrox Press, Chicago, 2001.

Anchor
GNU 13
GNU 13

[GNU 2013] GNU Coding Standards, Section 5.3, "Clean Use of C Constructs," Richard Stallman and other GNU Project volunteers, 2013

Anchor
Goetz 02
Goetz 02

[Goetz 2002] Brian Goetz, Java Theory and Practice: Don't Let the "this" Reference Escape during Construction, IBM developerWorks (Java technology), 2002.

Anchor
Goetz 04
Goetz 04

[Goetz 2004a] Brian Goetz, Java Theory and Practice: Garbage Collection and Performance, IBM developerWorks (Java technology), 2004.

Anchor
Goetz 04b
Goetz 04b

[Goetz 2004b] Brian Goetz, Java Theory and Practice: The Exceptions Debate: To Check, or Not to Check?, IBM developerWorks (Java technology), 2004.

Anchor
Goetz 04c
Goetz 04c

[Goetz 2004c] Brian Goetz, Java Theory and Practice: Going Atomic, IBM developerWorks (Java technology), 2004.

Anchor
Goetz 05
Goetz 05

[Goetz 2005a] Brian Goetz, Java Theory and Practice: Be a Good (Event) Listener, Guidelines for Writing and Supporting Event Listeners, IBM developerWorks (Java technology), 2005.

Anchor
Goetz 06
Goetz 06

[Goetz 2006a] Brian Goetz, Tim Peierls, Joshua Bloch, Joseph Bowbeer, David Holmes, and Doug Lea, Java Concurrency in Practice, Addison-Wesley Professional, Boston, 2006.

Anchor
Goetz 06b
Goetz 06b

[Goetz 2006b] Brian Goetz, Java Theory and Practice: Good Housekeeping Practices, IBM developerWorks (Java technology), 2006.

Anchor
Goetz 07
Goetz 07

[Goetz 2007] Brian Goetz, Java Theory and Practice: Managing Volatility, Guidelines for Using Volatile Variables, IBM developerWorks (Java technology), 2006.

Anchor
Goldberg 91
Goldberg 91

[Goldberg 1991] David Goldberg, What Every Computer Scientist Should Know about Floating-Point Arithmetic, Sun Microsystems, March 1991.

Anchor
Gong 03
Gong 03

[Gong 2003] Li Gong, Gary Ellison, and Mary Dageforde, Inside Java 2 Platform Security: Architecture, API Design, and Implementation, 2nd ed., Prentice Hall, Boston, 2003.

Anchor
Goodliffe 07
Goodliffe 07

[Goodliffe 2014] Pete Goodliffe, Code Craft: The Practice of Writing Excellent Code, No Starch Press, San Francisco, 2007

Anchor
Grand 02
Grand 02

[Grand 2002] Mark Grand, Patterns in Java, Volume 1, 2nd ed., Wiley, New York, 2002.

Anchor
Gray 1985
Gray 1985

[Gray 1985] Jim Gray,  Tandem TR 85.7 WHY DO COMPUTERS STOP AND WHAT CAN BE DONE ABOUT IT?, 1985.

Anchor
Greanier 00
Greanier 00

[Greanier 2000] Todd Greanier, Discover the Secrets of the Java Serialization API, Sun Developer Network (SDN), 2000.

Anchor
Green 08
Green 08

[Green 2008] Roedy Green, Canadian Mind Products Java & Internet Glossary, 2008.

Anchor
Grigg 06
Grigg 06

[Grigg 2006] Jeffery Grigg, Reflection On Inner Classes, 2006.

Anchor
Grosso 01
Grosso 01

[Grosso 2001] William Grosso, Java RMI, O'Reilly, Sebastopol, CA, 2001.

Anchor
Grubb 03
Grubb 03

[Grubb 2003] Penny Grubb and Armstrong A. Takang, Software Maintenance: Concepts and Practice, 2nd ed., World Scientific, River Edge, NJ, 2003.

Anchor
Guillardoy 12
Guillardoy 12

[Guillardoy 2012] Esteban Guillardoy, Java 0Day Analysis (CVE-2012-4681), 2012.

Anchor
Gupta 05
Gupta 05

[Gupta 2005] Satish Chandra Gupta and Rajeev Palanki, Java Memory Leaks - Catch Me If You Can, 2005.

Anchor
Haack 06
Haack 06

[Haack 2006] Christian Haack, Erik Poll, Jan Schafer and Aleksy Schubert, Immutable Objects in Java, 2006.

Anchor
Haggar 00
Haggar 00

[Haggar 2000] Peter Haggar, Practical Java™ Programming Language Guide, Addison-Wesley Professional, Boston, 2000.

Anchor
Halloway 00
Halloway 00

[Halloway 2000] Stuart Halloway, Java Developer Connection Tech Tips, March 28, 2000.

Anchor
Halloway 01
Halloway 01

[Halloway 2001] Stuart Halloway, Java Developer Connection Tech Tips, January 30, 2001.

Anchor
Harold 97
Harold 97

[Harold 1997] Elliotte Rusty Harold, Java Secrets, Wiley, New York, 1997.

Anchor
Harold 99
Harold 99

[Harold 1999] Elliotte Rusty Harold, Java I/O, O'Reilly, Sebastopol, CA, 1999.

Anchor
Harold 06
Harold 06

[Harold 2006] Elliotte Rusty Harold, Java I/O, 2nd ed., O'Reilly, Sebastopol, CA, 2006.

Anchor
Hatton 1995
Hatton 1995

[Hatton 1995] Les Hatton, Safer C: Developing Software for High-Integrity and Safety-Critical Systems, McGraw-Hill, New York, 1995.

Anchor
Hawtin 08
Hawtin 08

[Hawtin 2008] Thomas Hawtin, Secure Coding Antipatterns: Preventing Attacks and Avoiding Vulnerabilities, Sun Microsystems, Make it Fly 2008, London, 2008.

Anchor
Havelund 09
Havelund 09

[Havelund 2009] Klaus Havelund and Al Niessner, JPL Coding Standard, version 1.1, California Institute of Technology, 2009.

Anchor
Heffley 2004
Heffley 2004

[Heffley 2004] J. Heffley and P. Meunier, Can Source Code Auditing Software Identify Common Vulnerabilities and Be Used to Evaluate Software Security? Proceedings of the 37th Annual Hawaii International Conference on System Sciences (HICSS–04), Track 9, Volume 9, IEEE Computer Society, January 2004.

Anchor
Henney 03
Henney 03

[Henney 2003] Kevlin Henney, Null Object, Something for Nothing, 2003.

Anchor
HP 15
HP 15

[Hewlett-Packard 2015] Hewlett-Packard Development Company, J2EE Bad Practices: Leftover Debug Code [generated from version 2015.1.0.0009 of the Fortify Secure Coding Rulepacks], 2015.

Anchor
Hirondelle 13
Hirondelle 13

[Hirondelle 2013] Passwords Never Clear in Text, Hirondelle Systems, 2013.

Anchor
Hitchens 02
Hitchens 02

[Hitchens 2002] Ron Hitchens, Java™ NIO, O'Reilly, Sebastopol, CA, 2002.

Anchor
Hovemeyer 07
Hovemeyer 07

[Hovemeyer 2007] David Hovemeyer and William Pugh, Finding More Null Pointer Bugs, But Not Too Many, Proceedings of the 7th ACM SIGPLAN-SIGSOFT workshop on Program Analysis for Software Tools and Engineering, 2007.

Anchor
Howard 02
Howard 02

[Howard 2002] Michael Howard and David C. LeBlanc, Writing Secure Code, 2nd ed., Microsoft Press, Redmond, WA, 2002.

Anchor
Hughes 11
Hughes 11

[Hughes 2011] Elliott Hughes, JNI Local Reference Changes in ICS, November 2011.

Anchor
Hunt 98
Hunt 98

[Hunt 1998] J. Hunt and F. Long, Java's Reliability: An Analysis of Software Defects in Java, Software IEEE Proceedings, 1998.

Anchor
IEC 60812 2006
IEC 60812 2006

[IEC 60812 2006] Analysis Techniques for System Reliability — Procedure for Failure Mode and Effects Analysis (FMEA), 2nd ed., International Electrotechnical Commission, Geneva, Switzerland, 2006.

Anchor
IEEE 754 2006
IEEE 754 2006

[IEEE 754 2006] IEEE, Standard for Binary Floating-Point Arithmetic (IEEE 754-1985), 2006.

Anchor
IETF OAuth1.0a
IETF OAuth1.0a

 [IETF OAuth1.0a] Internet Engineering Task Force (IETF). OAuth core 1.0 revision a. http://oauth.net/core/1.0a/.

Anchor
IETF OAuth2.0
IETF OAuth2.0

 [IETF OAuth2.0] Internet Engineering Task Force (IETF). The OAuth 2.0 authorization framework. http://tools.ietf.org/html/rfc6749.

Anchor
Intrepidus 2012
Intrepidus 2012

[Intrepidus 2012] Intrepidus Group (Mobile Security), NDK File Permissions Gotcha and Fix , 2012.

Anchor
ISO/IEC 11889-1-2009
ISO/IEC 11889-1-2009
Anchor
ISO-IEC 11889-1-2009
ISO-IEC 11889-1-2009

[ISO/IEC 11889-1:2009] ISO/IEC. Information Technology—Trusted Platform Module—Part 1: Overview (ISO/IEC 11889-1:2009). Geneva, Switzerland: ISO, 2009.

Anchor
ISO/IEC TR 24772-2010
ISO/IEC TR 24772-2010

[ISO/IEC TR 24772:2010] ISO/IEC TR 24772. Information TechnologyProgramming LanguagesGuidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use, October 2010.

Anchor
ISO/IEC TR 24772-2013
ISO/IEC TR 24772-2013

[ISO/IEC TR 24772:2013] ISO/IEC TR 24772:2013. Information Technology—Programming Languages—Guidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use. Geneva, Switzerland: International Organization for Standardization, March 2013.

Anchor
J2SE 00
J2SE 00

[J2SE 2000] Java™ 2 SDK, Standard Edition Documentation, Sun Microsystems, J2SE Documentation version 1.3, Sun Microsystems, 2000.

Anchor
J2SE 11
J2SE 11

[J2SE 2011] Java™ SE 7 Documentation, J2SE Documentation version 1.7, Oracle Corporation, 2011.

Anchor
JarSpec 08
JarSpec 08

[JarSpec 2008] J2SE Documentation version 1.5, Jar File Specification, Sun Microsystems, 2000.

Anchor
Java 06
Java 06

[Java 2006] Java - The Java Application Launcher, Sun Microsystems, 2006.

Anchor
Java2NS 99
Java2NS 99

[Java2NS 1999] Marco Pistoia, Duane F. Reller, Deepak Gupta, Milind Nagnur, and Ashok K. Ramani, Java 2 Network Security, Prentice Hall, Upper Saddle River, NJ, 1999.

Anchor
JavaGenerics 04
JavaGenerics 04

[JavaGenerics 2004] Oracle, Generics, Sun Microsystems, 2004.

Anchor
JavaThreads 99
JavaThreads 99

[JavaThreads 1999] Scott Oaks and Henry Wong, Java Threads, 2nd ed., O'Reilly, Sebastopol, CA, 1999.

Anchor
JavaThreads 04
JavaThreads 04

[JavaThreads 2004] Scott Oaks and Henry Wong, Java Threads, 3rd ed., O'Reilly, Sebastopol, CA, 2004.

Anchor
Tutorials 08
Tutorials 08
Anchor
Java Tutorials
Java Tutorials
Anchor
Tutorials 15
Tutorials 15

[Java Tutorials] The Java Tutorials, Sun Microsystems, 1995, 2015.

Anchor
JCF 14
JCF 14

[JCF 2014] The Java Collections Framework, Oracle, 2014.

Anchor
JDK Bug 15
JDK Bug 15

[JDK Bug 2015] JDK Bug System, Oracle, 2015.

Anchor
JDK7 08
JDK7 08

[JDK7 2008] Java™ Platform, Standard Edition 7 documentation, Sun Microsystems, December 2008.

Anchor
JLS 05
JLS 05

[JLS 2005] James Gosling, Bill Joy, Guy Steele, and Gilad Bracha, The Java Language Specification, 3rd ed., Prentice Hall, Upper Saddle River, NJ, 2005.

Anchor
JLS 14
JLS 14
Anchor
JLS 15
JLS 15
Anchor
JLS 2015
JLS 2015

[JLS 2015] James Gosling, Bill Joy, Guy Steele, Gilad Bracha, and Alex Buckley, The Java® Language Specification, Java SE 8 Edition,   2015.

Anchor
JMX 06
JMX 06

[JMX 2006] Monitoring and Management for the Java Platform, Sun Microsystems, 2006.

Anchor
JMXG 06
JMXG 06

[JMXG 2006] Java SE Monitoring and Management Guide, Sun Microsystems, 2006.

Anchor
JNI 06
JNI 06

[JNI 2006] Java Native Interface, Sun Microsystems, 2006.

Anchor
JNISpec 14
JNISpec 14

[JNISpec 2014] Java Native Interface Specification, Oracle, 2014.

Anchor
JNItips
JNItips

[JNI Tips] Java Tips, Android Training.

Anchor
Jovanovic 06
Jovanovic 06

[Jovanovic 2006] Nenad Jovanovic, Christopher Kruegel, and Engin Kirda, Pixy: A Static Analysis Tool for Detecting Web Application Vulnerabilities (Short Paper), Proceedings of the 2006 IEEE Symposium on Security and Privacy (S&P'06), pp. 258–263, May 21–24, 2006.

Anchor
JPDA 04
JPDA 04

[JPDA 2004] Java Platform Debugger Architecture (JPDA), Sun Microsystems, 2004.

Anchor
JPL 06
JPL 06

[JPL 2006] Ken Arnold, James Gosling, and David Holmes, The Java™ Programming Language, 4th ed., Addison-Wesley Professional, Boston, 2006.

Anchor
JSR-133 04
JSR-133 04

[JSR-133 2004] JSR-133: Java™ Memory Model and Thread Specification, 2004.

Anchor
JSSEC 13
JSSEC 13

[JSSEC 2013] Android Secure Design and Coding Guidebook, (in Japanese),Japan Smartphone Security Association, 2013.

Anchor
JSSEC 14
JSSEC 14

[JSSEC 2014] Android Application Secure Design / Secure Coding Guidebook, Japan Smartphone Security Association, 2014.

Anchor
JVMTI 06
JVMTI 06

[JVMTI 2006] Java Virtual Machine Tool Interface (JVM TI), Sun Microsystems, 2006.

Anchor
JVMSpec 99
JVMSpec 99

[JVMSpec 1999] The Java Virtual Machine Specification, Sun Microsystems, 1999.

Anchor
Kabanov 09
Kabanov 09

[Kabanov 2009] Jevgeni Kabanov, The Ultimate Java Puzzler, February 16th, 2009.

Anchor
Kabutz 01
Kabutz 01

[Kabutz 2001] Heinz M. Kabutz, The Java Specialists' Newsletter, 2001.

Anchor
Kalinovsky 04
Kalinovsky 04

[Kalinovsky 2004] Alex Kalinovsky, Covert Java: Techniques for Decompiling, Patching, and Reverse Engineering, SAMS Publishing, Boston, 2004.

Anchor
Klieber 2014
Klieber 2014

[Klieber 2014] William Klieber, Lori Flynn, Amar Bhosale, Limin Jia, and Lujo Bauer. Android Taint Flow Analysis for App Sets, ACM SIGPLAN International Workshop on the State Of the Art in Java Program Analysis, 2014.

Anchor
Knoernschild 01
Knoernschild 01

[Knoernschild 2001] Kirk Knoernschild, Java™ Design: Objects, UML, and Process, Addison-Wesley Professional, Boston, 2001.

Anchor
Lai 08
Lai 08

[Lai 2008] Charlie Lai, Java Insecurity: Accounting for Subtleties That Can Compromise Code, 2008.

Anchor
Langer 08
Langer 08

[Langer 2008] Angelica Langer, Practicalities – Programming with Java Generics, 2008.

Anchor
Laplante 05
Laplante 05

[Laplante 2005] Phillip A. Laplante, Colin J. Neill, Antipatterns: Identification, Refactoring, and Management, Auerbach Publications, Boca Raton, FL, 2005.

Anchor
Lea 00
Lea 00

[Lea 2000a] Doug Lea, Concurrent Programming in Java, 2nd ed., Addison-Wesley Professional, Boston, 2000.

Anchor
Lea 00b
Lea 00b

[Lea 2000b] Doug Lea and William Pugh, Correct and Efficient Synchronization of Java™ Technology based Threads, JavaOne Conference, 2000.

Anchor
Lea 08
Lea 08

[Lea 2008] Doug Lea, The JSR-133 Cookbook for Compiler Writers, 2008.

Anchor
Lee 09
Lee 09

[Lee 2009] Sangjin Lee, Mahesh Somani, and Debashis Saha, Robust and Scalable Concurrent Programming: Lessons from the Trenches, JavaOne Conference, 2009.

Anchor
Liang 97
Liang 97

[Liang 1997] Sheng Liang, The Java™ Native Interface, Programmer's Guide and Specification, Addison-Wesley Professional, Reading, MA, 1997.

Anchor
Liang 98
Liang 98

[Liang 1998] Sheng Liang and Gilad Bracha, Dynamic Class Loading in the Java™ Virtual Machine, Proceedings of the 13th ACM SIGPLAN Conference on Object-Oriented Programming, Systems, Languages, and Applications, 1998.

Anchor
Lieberman 86
Lieberman 86

[Lieberman 1986] Henry Lieberman, Using Prototypical Objects to Implement Shared Behavior in Object-Oriented Systems, Proceedings on Object-Oriented Programming, Systems, Languages, and Applications, pp. 214–223 (ISSN 0362-1340), Massachusetts Institute of Technology, 1986.

Anchor
Lo 05
Lo 05

[Lo 2005] Chia-Tien Dan Lo, Witawas Srisa-an, and J. Morris Chang, Security Issues in Garbage Collection, STSC Crosstalk, October 2005.

Anchor
Long 05
Long 05

[Long 2005] Fred Long, Software Vulnerabilities in Java, CMU/SEI-2005-TN-044, Software Engineering Institute, Carnegie Mellon University, 2005.

Anchor
Long 13
Long 13

[Long 2013] Fred Long, Dhruv Mohindra, Robert C. Seacord, Dean F. Sutherland, and David Svoboda, Java Coding Guidelines: 75 Recommendations for Reliable and Secure Programs, Addison-Wesley Professional, Reading, MA, 2013.

Anchor
LSOD 02
LSOD 02

[LSOD 02] Last Stage of Delirium Research Group, Java and Java Virtual Machine Security. Poland: Last Stage of Delirium Research Group, 2002.

Anchor
Low 97
Low 97

[Low 1997] Douglas Low, Protecting Java Code via Obfuscation, Crossroads Volume 4, Issue 3, 1997.

Anchor
MacGregor 98
MacGregor 98

[MacGregor 1998] Robert MacGregor, Dave Durbin, John Owlett, and Andrew Yeomans, Java Network Security, Prentice Hall PTR, Upper Saddle River, NJ, 1998.

Anchor
Mahmoud 02
Mahmoud 02

[Mahmoud 2002] Qusay H. Mahmoud, Compressing and Decompressing Data Using Java APIs, Oracle, 2002.

Anchor
Mak 02
Mak 02

[Mak 2002] Ronald Mak, Java Number Cruncher: The Java Programmer's Guide to Numerical Computing, Prentice Hall PTR, Upper Saddle River, NJ, 2002.

Anchor
Manson 08
Manson 08

[Manson 2008] Jeremy Manson, Data-Race-ful Lazy Initialization for Performance [blog], 2008.

Anchor
Manson 04
Manson 04

[Manson 2004] Jeremy Manson and Brian Goetz, JSR 133 (Java Memory Model) FAQ, 2004.

Anchor
Manson 06
Manson 06

[Manson 2006] Jeremy Manson and William Pugh, The Java™ Memory Model: The Building Block of Concurrency, JavaOne Conference, 2006.

Anchor
Martin 96
Martin 96

[Martin 1996] Robert C. Martin, Granularity, 1996.

Anchor
Masson 2011
Masson 2011

[Masson 2011] Neil D. Masson, Tip: Secure Your Code against the Finalizer Vulnerability, IBM developerWorks, 2011.

Anchor
McCluskey 01
McCluskey 01

[McCluskey 2001] Glen McCluskey, Java Developer Connection Tech Tips, April 10, 2001.

Anchor
McGraw 99
McGraw 99

[McGraw 1999] Gary McGraw and Edward W. Felten, Securing Java, Getting Down to Business with Mobile Code, Wiley, New York, 1999.

Anchor
Mcgraw 98
Mcgraw 98

[McGraw 1998] Gary McGraw and Edward W. Felten, Twelve Rules for Developing More Secure Java Code, JavaWorld.com, 1998.

Anchor
Mettler 2010A
Mettler 2010A

[Mettler 2010a] Adrian Mettler, David Wagner, and T. Close, Joe-E: A Security-Oriented Subset of Java, 17th Network & Distributed System Security Symposium, 2010.

Anchor
Mettler 2010B
Mettler 2010B

[Mettler 2010b] Adrian Mettler and David Wagner, Class Properties for Security Review in an Object-Capability Subset of Java, Proceedings of the 5th ACM SIGPLAN Workshop on Programming Languages and Analysis for Security (PLAS '10). ACM, Article 7, DOI=10.1145/1814217.1814224, 2010.

Anchor
Miller 09
Miller 09

[Miller 2009] Alex Miller, Java™ Platform Concurrency Gotchas, JavaOne Conference, 2009.

Anchor
MITRE 2011
MITRE 2011

[MITRE 2011] MITRE Corporation, Common Weakness Enumeration, 2011.

Anchor
Mocha 07
Mocha 07

[Mocha 2007] Mocha, the Java Decompiler, 2007.

Anchor
Monsch 06
Monsch 06

[Monsch 2006] Jan P. Monsch, Ruining Security with java.util.Random Version 1.0, 2006.

Anchor
MSDN 09
MSDN 09

[MSDN 2009] Microsoft Corporation, Using SQL Escape Sequences, 2009.

Anchor
Muchow 01
Muchow 01

[Muchow 2001] John W. Muchow, MIDlet Packaging with J2ME, ONJava.com, 2001.

Anchor
Müller 02
Müller 02

[Müller 2002] Dr. Andreas Müller and Geoffrey Simmons, Exception Handling: Common Problems and Best Practice with Java 1.4, Sun Microsystems GmbH, 2002.

Anchor
Naftalin 06
Naftalin 06

[Naftalin 2006a] Maurice Naftalin and Philip Wadler, Java Generics and Collections, O'Reilly, Sebastopol, CA, 2006.

Anchor
Naftalin 06b
Naftalin 06b

[Naftalin 2006b] Maurice Naftalin and Philip Wadler, Java™ Generics and Collections: Tools for Productivity, JavaOne Conference, 2007.

Anchor
Netzer 92
Netzer 92

[Netzer 1992] Robert H. B. Netzer and Barton P. Miller, What Are Race Conditions? Some Issues and Formalization, University of Wisconsin, Madison, 1992.

Anchor
Neward 04
Neward 04

[Neward 2004] Ted Neward, Effective Enterprise Java, Addison-Wesley Professional, Boston, 2004.

Anchor
Nisewanger 07
Nisewanger 07

[Nisewanger 2007] Jeff Nisewanger, Avoiding Antipatterns, JavaOne Conference, 2007.

Anchor
Nolan 04
Nolan 04

[Nolan 2004] Godfrey Nolan, Decompiling Java, Apress, Berkley, CA, 2004.

Anchor
Oaks 01
Oaks 01

[Oaks 2001] Scott Oaks, Java Security, O'Reilly, Sebastopol, CA, 2001.

Anchor
Octeau 2013
Octeau 2013

[Octeau 2013] D. Octeau, P. McDaniel, S. Jha, A. Bartel, E. Bodden, J. Klein, and Y. Le Traon. Effective Inter-component communication mapping in Android with Epicc: An essential step towards holistic security analysis. In Proc. USENIX Security, 2013.

Anchor
Open Group 04
Open Group 04

[Open Group 2004] The IEEE and The Open Group, The Open Group Base Specifications Issue 6, 2004.

Anchor
Oracle 10
Oracle 10
Anchor
Oracle 10b
Oracle 10b

[Oracle 2010a] Java SE 6 HotSpot™ Virtual Machine Garbage Collection Tuning, Oracle, 2010.

Anchor
Oracle 10b
Oracle 10b

[Oracle 2010b] New I/O APIs, Oracle, 2010.

Anchor
Oracle 11a
Oracle 11a

[Oracle 2011a] Java PKI Programmer's Guide, Oracle, 2011.

Anchor
Oracle 11b
Oracle 11b

[Oracle 2011b] Java Platform™, Standard Edition 6 Documentation, Oracle, 2011.

Anchor
Oracle 11c
Oracle 11c

[Oracle 2011c] Package javax.servelt.http, Oracle  2011.

Anchor
Oracle 11d
Oracle 11d

[Oracle 2011d] Permissions in the Java™ SE 6 Development Kit (JDK), Oracle, 2011.

Anchor
Oracle 13a
Oracle 13a

[Oracle 2013a] API for Privileged Blocks, Oracle, 1993/2013.

Anchor
Oracle 13b
Oracle 13b

[Oracle 2013b] Reading ASCII Passwords from an InputStream Example, Java Cryptography Architecture (JCA) Reference Guide, Oracle, 2013.

Anchor
Oracle 13c
Oracle 13c

[Oracle 2013c] Java Platform Standard Edition 7 Documentation, Oracle, 2013.

Anchor
Oracle 13d
Oracle 13d

[Oracle 2013d] Oracle Security Alert for CVE-2013-0422, Oracle, 2013.

Anchor
Oracle 14
Oracle 14

[Oracle 2014] Secure Coding Guidelines for Java SE, Version 5.0, Oracle, 2014.

Anchor
Oracle 15
Oracle 15

[Oracle 2015] Oracle GlassFish Server Performance Tuning Guide, Tuning the Java Runtime System, Oracle, 2015

...

[Masson 2011] Neil D. Masson, Tip: Secure Your Code against the Ffinalizer Vulnerability, IBM developerWorks, 2011.

AnchorMcCluskey 01McCluskey 01 [McCluskey 2001] Glen McCluskey, Java Developer Connection Tech Tips, April 10, 2001. AnchorMcGraw 99McGraw 99 [McGraw 1999] Gary McGraw and Edward W. Felten, Securing Java, Getting Down to Business with Mobile Code, Wiley, New York, 1999. AnchorMcgraw 98Mcgraw 98 [McGraw 1998] Gary McGraw and Edward W. Felten, Twelve Rles for Developing More Secure Java Code, JavaWorld.com, 1998. AnchorMettler 2010AMettler 2010A [Mettler 2010a] Adrian Mettler, David Wagner, and T. Close, Joe-E: A Security-Oriented Subset of Java, 17th Network & Distributed System Security Symposium, 2010. AnchorMettler 2010BMettler 2010B [Mettler 2010b] Adrian Mettler and David Wagner, Class Properties for Security Review in an Object-Capability Subset of Java, Proceedings of the 5th ACM SIGPLAN Workshop on Programming Languages and Analysis for Security (PLAS '10). ACM, Article 7, DOI=10.1145/1814217.1814224, 2010. AnchorMiller 09Miller 09 [Miller 2009] Alex Miller, Java™ Platform Concurrency Gotchas, JavaOne Conference, 2009. AnchorMITRE 2011MITRE 2011 [MITRE 2011] MITRE Corporation, Common Weakness Enumeration, 2011. Available at http://cwe.mitre.org/. AnchorMocha 07Mocha 07 [Mocha 2007] Mocha, the Java Decompiler, 2007. AnchorMonsch 06Monsch 06 [Monsch 2006] Jan P. Monsch, Ruining Security with java.util.Random Version 1.0, 2006. AnchorMSDN 09MSDN 09 [MSDN 2009] Microsoft Corporation, Using SQL Escape Sequences, 2009. AnchorMuchow 01Muchow 01 [Muchow 2001] John W. Muchow, MIDlet Packaging with J2ME,ONJava.com, 2001. AnchorMüller 02Müller 02 [Müller 2002] Dr. Andreas Müller and Geoffrey Simmons, Exception Handling: Common Problems and Best Practice with Java 1.4, Sun Microsystems GmbH, 2002. AnchorNaftalin 06Naftalin 06 [Naftalin 2006a] Maurice Naftalin and Philip Wadler, Java Generics and Collections, O'Reilly, Sebastopol, CA, 2006. AnchorNaftalin 06bNaftalin 06b [Naftalin 2006b] Maurice Naftalin and Philip Wadler, Java™ Generics and Collections: Tools for Productivity, JavaOne Conference, 2007. AnchorNetzer 92Netzer 92 [Netzer 1992] Robert H. B. Netzer and Barton P. Miller, What Are Race Conditions? Some Issues and Formalization, University of Wisconsin, Madison, 1992. AnchorNeward 04Neward 04 [Neward 2004] Ted Neward, Effective Enterprise Java, Addison-Wesley Professional, Boston, MA, 2004. AnchorNisewanger 07Nisewanger 07 [Nisewanger 2007] Jeff Nisewanger, Avoiding Antipatterns, JavaOne Conference, 2007. AnchorNolan 04Nolan 04 [Nolan 2004] Godfrey Nolan, Decompiling Java, Apress, Berkley, CA, 2004. AnchorOaks 01Oaks 01 [Oaks 2001] Scott Oaks, Java Security, O'Reilly, Sebastopol, CA, 2001. AnchorOpen Group 04Open Group 04 [Open Group 2004] The IEEE and The Open Group, The Open Group Base Specifications Issue 6, 2004. AnchorOracle 10Oracle 10 [Oracle 2010a] Oracle Corporation, Java SE 6 HotSpot™ Virtual Machine Garbage Collection Tuning, 2010.

Anchor
OWASP 05
OWASP 05

[OWASP 2005] The Open Web Application Security Project, ] A Guide to Building Secure Web Applications and Web Services, Open Web Application Security Project (OWASP), 2005.

Anchor
OWASP 07
OWASP 07

[OWASP 2007] The Open Web Application Security Project, OWASP Top 10 for Java EE, OWASP, 2007.

Anchor
OWASP 09
OWASP 09

[OWASP 2009] Double Encoding, OWASP, 2009.

Anchor
OWASP 11
OWASP 11

[OWASP 2011] Open Web Application Security Project (OWASP), 2011Project (OWASP), 2011.

Anchor
OWASP 14a
OWASP 14a

[OWASP 2014a] Preventing LDAP Injection in Java, OWASP, 2014.

Anchor
OWASP 14
OWASP 14
Anchor
OWASP 14b
OWASP 14b

[OWASP 2014b]  XSS (Cross Site Scripting) Prevention Cheat Sheet, OWASP, 2014.

Anchor
PCI 10
PCI 10

[PCI 2010] PCI Security Standards Council, Payment Card Industry (PCI) Data Security Standard, Version 2.0, October, 2010.

...

Anchor
Philion 03
Philion 03

[Philion 2003] Paul Philion, Beware the dangers Dangers of generic Generic Exceptions, JavaWorld.com, 2003.

...

Anchor
Pistoia 04
Pistoia 04

[Pistoia 2004] Marco Pistoia, Nataraj Nagaratnam, Larry Koved, and Anthony Nadalin, Enterprise Java Security: Building Secure J2EE Applications, Addison-Wesley Professional, Boston, MA, 2004.

Anchor
Policy 02
Policy 02

[Policy 2002] Sun Microsystems, Default Policy Implementation and Policy File Syntax, Document revision 1.6, 2002.

Anchor
Pugh 04
Pugh 04

[Pugh 2004] William Pugh, The Java Memory Model (discussions reference), 2004.

Anchor
Pugh 08
Pugh 08

[Pugh 2008] William Pugh, Defective Java Code: Turning WTF Code into a Learning Experience, JavaOne Conference, 2008.

Anchor
Pugh 09
Pugh 09

[Pugh 2009] William Pugh, Defective Java Code: Mistakes That Matter, JavaOne Conference, 2009.

Anchor
Rapid7 14
Rapid7 14

[Rapid7 2014] Jeroen Frijters and Juan Vazquez, Java AtomicReferenceArray Type Violation Vulnerability, 2014.

Anchor
Reasoning 03
Reasoning 03

[Reasoning 2003] Reasoning Inspection Service Defect Data Tomcat v 1.4.24, November 14, 2003.

...

Anchor
Saltzer 74
Saltzer 74

[Saltzer 1974] J. H. Saltzer, Protection and the Control of Information Sharing in Multics. Communications of the ACM 17, 7 (July 1974): 388---402388–402.

Anchor
Saltzer 75
Saltzer 75

[Saltzer 1975] J. H. Saltzer and M. D. Schroeder, The Protection of Information in Computer Systems, Proceedings of the IEEE, Volume 63, Issue 9, 1975, 1278-13081278–1308.
Available at http://web.mit.edu/Saltzer/www/publications/protection/.

...

Anchor
Schildt 07
Schildt 07

[Schildt 2007] Herb Schildt, Herb Schildt's Java Programming Cookbook, McGraw-Hill, New York, 2007.

Anchor
Schindler 12
Schindler 12

Schindler, Uwe. The Policeman’s Horror: Default Locales, Default Charsets, and Default Timezones, The Generics Policeman Blog, November 2012.

Anchor
Schneier 00
Schneier 00

[Schneier 2000] Bruce Schneier, Secrets and Lies—Digital Security in a Networked World, Wiley, New York, 2000.

Anchor
Schönefeld Schönefeld 02Schönefeld
Schönefeld 02

[Schönefeld 2002] Marc Schönefeld, Security Aspects in Java Bytecode Engineering, Blackhat Briefings 2002, Las Vegas, August 2002.

Anchor
Schönefeld Schönefeld 04Schönefeld
Schönefeld 04

[Schönefeld 2004] Marc Schönefeld, Java Vulnerabilities in Opera 7.54, BUGTRAQ Mailing List (bugtraq@securityfocus.com), November 2004.

...

Anchor
SDN 08
SDN 08

[SDN 2008] Sun Microsystems, SUN Developer Network, 1994-20081994–2008.

Anchor
Seacord 05
Seacord 05

[Seacord 2005] Robert C. Seacord, Secure Coding in C and C++, Addison-Wesley Professional, Boston, MA, 2005.

Anchor
Seacord 08
Seacord 08

[Seacord 2008] Robert C. Seacord,The CERT C Secure Coding Standard, Addison-Wesley Professional, Boston, MA, 2008.

Anchor
Seacord 10
Seacord 10

[Seacord 2010] Robert C. Seacord, William Dormann, James McCurley, Philip Miller, Robert Stoddard, David Svoboda, and Jefferson Welch, Source Code Analysis Laboratory (SCALe) for energy delivery systems, CMU/SEI-2010-TR-021, Software Engineering Institute, Carnegie Mellon University, Pittsburgh, PA, December 2010.

Anchor
Seacord 13
Seacord 13

[Seacord 2013] Seacord, Robert C. Secure Coding in C and C++, 2nd ed. Boston: Addison-Wesley, 2013Addison-Wesley, Boston, 2013.

Anchor
Seacord2015
Seacord2015

[Seacord 2015] Seacord, Robert C. Secure Coding Rules for Java. Addison-Wesley Professional, Boston, 2013.

Anchor
SecArch 06
SecArch 06

[SecArch 2006] Sun Microsystems, Java 2 Platform Security Architecture, 2006.

Anchor
Secunia 08
Secunia 08

[Secunia 2008] Secunia ApS, Secunia Advisories, 2008.

Anchor
SecArch Security 06SecArch
Security 06

[SecArch Security 2006] Java Security Guides, Sun Microsystems, Java 2 Platform Security Architecture, 20062006.

Anchor
SecuritySpec 08
SecuritySpec 08

[SecuritySpec 2008] Sun Microsystems, Java Security Architecture, 2008.

Anchor
Sen 07
Sen 07

 [Sen 2007] Robi Sen, Avoid the Dangers of XPath Injection, IBM developerWorks, 2007.

Anchor
Shipilёv 2014
Shipilёv 2014Secunia 08Secunia 08

[Secunia 2008] Secunia ApS, Secunia Advisories, 2008Shipilёv 2014] Shipilёv, Aleksey, Safe Publication and Safe Initialization in Java, December 2014.

Anchor
Steel 05
Steel 05Security 06Security 06

[Security 2006] Java Security Guides, Sun Microsystems, Inc. (2006) AnchorSecuritySpec 08SecuritySpec 08 [SecuritySpec 2008] Sun Microsystems, Java Security Architecture, 2008. AnchorSen 07Sen 07 [Sen 2007] Robi Sen, Avoid the Dangers of XPath Injection, IBM developerWorks, 2007. AnchorSteel 05Steel 05 [Steel 2005] Christopher Steel, Ramesh Nagappan, and Ray Lai, Core Security Patterns: Best Practices and Strategies for J2EE™, Web Services, and Identity Management, Prentice Hall PTR, Upper Saddle River, NJ, 2005. AnchorSteele 1977Steele 1977 [Steele 1977] G.L. Steele, Arithmetic Shifting Considered Harmful, ACM SIGPLAN Notices, Volume 12, Issue 11 (1977)Steel 2005] Christopher Steel, Ramesh Nagappan, and Ray Lai, Core Security Patterns: Best Practices and Strategies for J2EE™, Web Services, and Identity Management, Prentice Hall PTR, Upper Saddle River, NJ, 2005.

Anchor
Steele 1977
Steele 1977

[Steele 1977] G.L. Steele, Arithmetic Shifting Considered Harmful, ACM SIGPLAN Notices, Volume 12, Issue 11 (1977), 61–69.

Anchor
Steinberg 05
Steinberg 05

[Steinberg 2005] Daniel H. Steinberg, Java Developer Connection Tech Tips Using the Varargs Language Feature, January 4, 2005.

Anchor
Sterbenz 06
Sterbenz 06

[Sterbenz 2006] Andreas Sterbenz and Charlie Lai, Secure Coding Antipatterns: Avoiding Vulnerabilities, Sun Microsystems, JavaOne Conference, 2006.

Anchor
Steuck 02
Steuck 02

[Steuck 2002] Gregory Steuck, XXE (Xml eXternal Entity) Attack, 2002.

Anchor
Sun 99
Sun 99

[Sun 1999] Why Are Thread.stop, Thread.suspend, Thread.resume and Runtime.runFinalizersOnExit Deprecated?, Sun Microsystems, 1999.

Anchor
Sun 02
Sun 02

[Sun 2002] Reflection, Sun Microsystems, 2002.

Anchor
Sun 03
Sun 03

[Sun 2003] Sun Microsystems, Sun ONE Application Server 7 Performance Tuning Guide, 2003.

Anchor
Sun 04a
Sun 04a

[Sun 2004a] Java Management Extensions (JMX), Sun Microsystems, 2004.

Anchor
Sun 04b
Sun 04b

[Sun 2004b] Java Object Serialization Specification, Version 1.5.0, Sun Microsystems, 2004.

Anchor
Sun 04d
Sun 04d

[Sun 2004d] JVM Tool Interface, Sun Microsystems, 2004.

Anchor
Sun 06
Sun 06

[Sun 2006] Java™ Platform, Standard Edition 6 documentation, Sun Microsystems, 2006.

Anchor
Sun 08
Sun 08

[Sun 2008] Java™ Plug-in and Applet Architecture, Sun Microsystems, 2008.

Anchor
Sutherland 10
Sutherland 10

[Sutherland 2010] Dean F. Sutherland and William L. Scherlis, Composable Thread Coloring, Proceedings of the 15th ACM SIGPLAN Symposium on Principles and Practice of Parallel Programming, Association for Computing Machinery, New York, 2010.

Anchor
Tanenbaum 03
Tanenbaum 03

[Tanenbaum 2003] Andrew S. Tanenbaum and Maarten Van Steen, Distributed Systems: Principles and Paradigms, 2nd ed., Prentice Hall, Upper Saddle River, NJ, 2003.

Anchor
Techtalk 07
Techtalk 07

[Techtalk 2007] Josh Bloch and William Pugh, The PhantomReference Menace. Attack of the Clone. Revenge of the Shift, JavaOne Conference, 2007.

Anchor
Tomcat 09
Tomcat 09

[Tomcat 2009] Apache Software Foundation, Changelog and Security fixes, Tomcat documentation, 2009.

Anchor
Unicode 2003
Unicode 2003

[Unicode 2003] The Unicode Consortium, The Unicode Standard, Version 4.0.0, defined by The Unicode Standard, Version 4.0, Addison-Wesley, Reading, MA, 2003.

Anchor
Unicode 2007
Unicode 2007

[Unicode 2007] The Unicode Consortium, The Unicode Standard, Version 5.1.0, defined by The Unicode Standard, Version 5.0, Addison-Wesley, Reading, MA, 2007, as amended by Unicode 5.1.0.

Anchor
Unicode 2011
Unicode 2011

[Unicode 2011] The Unicode Consortium, The Unicode Standard, Version 6.0.0, The Unicode Consortium, Mountain View, CA, 2011.

Anchor
Unicode 2012
Unicode 2012

[Unicode 2012] The Unicode Consortium. The Unicode Standard, Unicode 6.2.0, (Mountain View, CA: The Unicode Consortium, 2012. ISBN 978-1-936213-07-8)

Anchor
Urma 14
Urma 14

[Urma 2014] Raoul-Gabriel Urma, Tired of Null Pointer Exceptions? Consider Using Java SE 8's Optional!, Oracle, March 2014.

Anchor
Venners 97
Venners 97

[Venners 1997] Bill Venners, Security and the Class Loader Architecture, Java World.com, 1997.

Anchor
Venners 03
Venners 03

[Venners 2003] Bill Venners, Failure and Exceptions, A Conversation with James Gosling, Part II, Artima.com, 2003.

Anchor
Verify
Verify

[Verify] Verifying App Behavior on the Android Runtime (ART), Android.

Anchor
Vermeulen 00
Vermeulen 00

[Vermeulen 2000] Allan Vermeulen, Scott W. Ambler, Greg Bumgardner, Eldon Metz, Trevor Misfeldt, Jim Shur, and Patrick Thompson. The Elements of Java Style. Cambridge University Press, New York, 2000.

Anchor
viaForensics 14
viaForensics 14

[viaForensics 2014] Secure mobile development best practices, viaForensics LLC., 2014, 61-69. AnchorSteinberg 05Steinberg 05 [Steinberg 2005] Daniel H. Steinberg, Java Developer Connection Tech Tips Using the Varargs Language Feature, January 4, 2005. AnchorSterbenz 06Sterbenz 06 [Sterbenz 2006] Andreas Sterbenz and Charlie Lai, Secure Coding Antipatterns: Avoiding Vulnerabilities, Sun Microsystems, JavaOne Conference, 2006. AnchorSteuck 02Steuck 02 [Steuck 2002] Gregory Steuck, XXE (Xml eXternal Entity) Attack, 2002. AnchorSun 99Sun 99 [Sun 1999] Why Are Thread.stop, Thread.suspend, Thread.resume and Runtime.runFinalizersOnExit Deprecated?, Sun Microsystems, 1999. Anchor Sun 02 Sun 02 [Sun 2002] Reflection, Sun Microsystems, 2002) AnchorSun 03Sun 03 [Sun 2003] Sun Microsystems, Sun ONE Application Server 7 Performance Tuning Guide, 2003. Anchor Sun 04a Sun 04a [Sun 2004a] Java Management Extensions (JMX), Sun Microsystems, 2004. Anchor Sun 04b Sun 04b [Sun 2004b] Java Object Serialization Specification, Version 1.5.0, Sun Microsystems, 2004. Anchor Sun 04d Sun 04d [Sun 2004d] JVM Tool Interface, Sun Microsystems, 2004. AnchorSun 06Sun 06 [Sun 2006] Java™ Platform, Standard Edition 6 documentation, Sun Microsystems, 2006. AnchorSun 08Sun 08 [Sun 2008] Java™ Plug-in and Applet Architecture, Sun Microsystems, 2008. AnchorSutherland 10Sutherland 10 [Sutherland 2010] Dean F. Sutherland and William L. Scherlis, Composable Thread Coloring, Proceedings of the 15th ACM SIGPLAN Symposium on Principles and Practice of Parallel Programming, Association for Computing Machinery, New York, 2010. Anchor Tanenbaum 03 Tanenbaum 03 [Tanenbaum 2003] Andrew S. Tanenbaum and Maarten Van Steen, Distributed Systems: Principles and Paradigms, 2nd ed., Prentice Hall, Upper Saddle River, NJ, 2003. AnchorTechtalk 07Techtalk 07 [Techtalk 2007] Josh Bloch and William Pugh, The PhantomReference Menace. Attack of the Clone. Revenge of the Shift., JavaOne Conference, 2007. AnchorTomcat 09Tomcat 09 [Tomcat 2009] Apache Software Foundation, Changelog and Security fixes, Tomcat documentation, 2009. AnchorTutorials 08Tutorials 08 [Tutorials 2008] The Java Tutorials, Sun Microsystems, 2008. AnchorUnicode 2003Unicode 2003 [Unicode 2003] The Unicode Consortium, The Unicode Standard, Version 4.0.0, defined by The Unicode Standard, Version 4.0, Addison-Wesley, Reading, MA, 2003. AnchorUnicode 2007Unicode 2007 [Unicode 2007] The Unicode Consortium, The Unicode Standard, Version 5.1.0, defined by The Unicode Standard, Version 5.0, Addison-Wesley, Reading, MA, 2007, as amended by Unicode 5.1.0. AnchorUnicode 2011Unicode 2011 [Unicode 2011] The Unicode Consortium, The Unicode Standard, Version 6.0.0, The Unicode Consortium, Mountain View, CA, 2011. AnchorVenners 97Venners 97 [Venners 1997] Bill Venners, Security and the Class Loader Architecture, Java World.com, 1997. AnchorVenners 03Venners 03 [Venners 2003] Bill Venners, Failure and Exceptions, A Conversation with James Gosling, Part II, Artima.com, 2003.

Anchor
W3C 08
W3C 08

[W3C 2008] Tim Bray, Jean Paoli, C. M. Sperberg-McQueen, Eve Maler, and François François Yergeau, Extensible Markup Language (XML) 1.0, 5th ed., W3C Recommendation, 2008.

Anchor
W3C 13
W3C 13

[W3C 2013] Andrei Popescu, Geolocation API Specification, W3C Recommendation, 2013.

Anchor
Ware 08
Ware 08

[Ware 2008] Michael S. Ware, Writing Secure Java Code: A Taxonomy of Heuristics and an Evaluation of Static Analysis Tools, Masters thesis, James Madison University, Harrisonburg, VA, 2008.

...