SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 327

changes.mady.by.user Robert Seacord (Manager)

Saved on

compared with

New Version Current

changes.mady.by.user Robert Schiela

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Removed unused ref.

Anchor
Abadi 96
Abadi 96

[Abadi 1996] Martin Abadi and Roger Needham, Prudent Engineering Practice for Cryptographic Protocols, IEEE Transactions on Software Engineering, Volume 22, Issue 1, 1996, 6–15.

Anchor
Aho 1986
Aho 1986

[Aho 1986] Aho, Alfred V.; Sethi, Ravi; Ullman, Jeffrey D. "Compilers: Principles, Techniques, and Tools" (2nd ed.), 1986.

 

Anchor
AndroidAPI 13
AndroidAPI 13

[Android API 2013] Android API. Package Index, Android, 2013.

...

Anchor
Apache 14
Apache 14

[Apache 2014] Apache Tika: A Content Analysis Toolkit, Apache Software Foundation, 2014.

Anchor
Apache 15
Apache 15

[Apache 2015] Apache Tomcat, Apache Software Foundation, 2015.

Anchor
API 06
API 06

[API 2006] Java Platform, Standard Edition 6 API Specification, Oracle, 2011.

...

Anchor
Chin 11
Chin 11

[Chin 2011] Erika Chin, Adrienne Porter Felt, Kate Greenwood, and David Wagner, Analyzing Inter-Application Communication in Android, Proc. MobiSys '11: Proceedings of the 9th International Conference on Mobile Systems, Applications, and Services, pp. 239–252, ACM, New York, 2011.

...

Anchor
Egele 2013
Egele 2013

[Egele 2013] Manuel Egele, David Brumley, Yanick Fratantonio, and Christopher Kruegel. An Empirical Study of Cryptographic Misuse in Android Applications, Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, pp.73–84, 2013.

Anchor
EMA 2011
EMA 2011
Anchor
EMA 14
EMA 14

[EMA 20112014] Java SE 6 Documentation, Extension Mechanism Architecture, Oracle, Sun Microsystems1993, 20112014.

Anchor
Enck 09
Enck 09

[Enck 2009] William Enck, Machigar Ongtang, Patrick Drew McDaniel, and others. Understanding Android Security, IEEE Security & Privacy, vol. 7, 1, p. 50–57, 2009.

...

Anchor
Goetz 05
Goetz 05

[Goetz 2005a] Brian Goetz, Java Theory and Practice: Be a Good (Event) Listener, Guidelines for Writing and Supporting Event Listeners, IBM developerWorks (Java technology), 2005.

Anchor
Goetz 05b06
Goetz 05b06

[Goetz 2005b2006a] Brian Goetz, Java Theory and Practice: Plugging Memory Leaks with Weak References, IBM developerWorks (Java technology), 2005. AnchorGoetz 06Goetz 06 [Goetz 2006a] Brian Goetz, Tim PeierlsTim Peierls, Joshua Bloch, Joseph Bowbeer, David Holmes, and Doug Lea, Java Concurrency in Practice, Addison-Wesley Professional, Boston, 2006.

...

Anchor
Henney 03
Henney 03

[Henney 2003] Kevlin Henney, Null Object, Something for Nothing, 2003.

Anchor
HP 15
HP 15

[Hewlett-Packard 2015] Hewlett-Packard Development Company, J2EE Bad Practices: Leftover Debug Code [generated from version 2015.1.0.0009 of the Fortify Secure Coding Rulepacks], 2015.

Anchor
Hirondelle 13
Hirondelle 13

[Hirondelle 2013] Passwords Never Clear in Text, Hirondelle Systems, 2013.

Anchor
Hitchens 02
Hitchens 02

[Hitchens 2002] Ron Hitchens, Java™ NIO, O'Reilly, Sebastopol, CA, 2002. 

Anchor
Hovemeyer 07
Hovemeyer 07

[Hovemeyer 2007] David Hovemeyer and William Pugh, Finding More Null Pointer Bugs, But Not Too Many, Proceedings of the 7th ACM SIGPLAN-SIGSOFT workshop on Program Analysis for Software Tools and Engineering, 2007.

...

Anchor
JavaThreads 04
JavaThreads 04

[JavaThreads 2004] Scott Oaks and Henry Wong, Java Threads, 3rd ed., O'Reilly, Sebastopol, CA, 2004.

Anchor
Tutorials 08
Tutorials 08
Anchor
Java Tutorials
Java Tutorials
Anchor
Tutorials 15
Tutorials 15

[Java Tutorials] The Java Tutorials, Sun Microsystems, 1995, 2015.

Anchor
JCF 14
JCF 14

[JCF 2014] The Java Collections Framework, Oracle, 2014.

Anchor
JDK Bug 15
JDK Bug 15

[JDK Bug 2015] JDK Bug System, Oracle, 2015.

Anchor
JDK7 08
JDK7 08

[JDK7 2008] Java™PlatformJava™ Platform, Standard Edition 7 documentation, Sun Microsystems, December 2008.

Anchor
JLS 05
JLS 05

[JLS 2005] James Gosling, Bill Joy, Guy Steele, and Gilad Bracha, The Java Language Specification, 3rd ed., Prentice Hall, Upper Saddle River, NJ, 2005.

Anchor
JLS 14
JLS 14
Anchor
JLS 15
JLS 15
Anchor
JLS 2015
JLS 2015

[JLS

...

2015] James Gosling, Bill Joy, Guy Steele, Gilad Bracha, and Alex Buckley, The

...

Java® Language Specification, Java SE 8 Edition,   

...

2015.

Anchor
JMX 06
JMX 06

[JMX 2006] Monitoring and Management for the Java Platform, Sun Microsystems, 2006.

...

Anchor
Mak 02
Mak 02

[Mak 2002] Ronald Mak, Java Number Cruncher: The Java Programmer's Guide to Numerical Computing, Prentice Hall PTR, Upper Saddle River, NJ, 2002.

Anchor
Manson 08
Manson 08

[Manson 2008] Jeremy Manson, Data-Race-ful Lazy Initialization for Performance [blog], 2008.

Anchor
Manson 04
Manson 04

[Manson 2004] Jeremy Manson and Brian Goetz, JSR 133 (Java Memory Model) FAQ, 2004.

...

Anchor
Mcgraw 98
Mcgraw 98

[McGraw 1998] Gary McGraw and Edward W. Felten, Twelve Rles Rules for Developing More Secure Java Code, JavaWorld.com, 1998.

...

[Oracle 2014] Secure Coding Guidelines for Java SE, Version 5.0, Oracle, 2014.

Anchor
Oracle 15
Oracle 15

[Oracle 2015] Oracle GlassFish Server Performance Tuning Guide, Tuning the Java Runtime System, Oracle, 2015.

Anchor
OWASP 05
OWASP 05

[OWASP 2005] A Guide to Building Secure Web Applications and Web Services, Open Web Application Security Project (OWASP), 2005.

...

Anchor
Pugh 08
Pugh 08

[Pugh 2008] William Pugh, Defective Java Code: Turning WTF Code into a Learning Experience, JavaOne Conference, 2008.

Anchor
Pugh 09
Pugh 09

[Pugh 2009] William Pugh, Defective Java Code: Mistakes That Matter, JavaOne Conference, 2009Pugh 2009] William Pugh, Defective Java Code: Mistakes That Matter, JavaOne Conference, 2009.

Anchor
Rapid7 14
Rapid7 14

[Rapid7 2014] Jeroen Frijters and Juan Vazquez, Java AtomicReferenceArray Type Violation Vulnerability, 2014.

Anchor
Reasoning 03
Reasoning 03

[Reasoning 2003] Reasoning Inspection Service Defect Data Tomcat v 1.4.24, November 14, 2003.

...

Anchor
Schildt 07
Schildt 07

[Schildt 2007] Herb Schildt, Herb Schildt's Java Programming Cookbook, McGraw-Hill, New York, 2007.

Anchor
Schindler 12
Schindler 12

Schindler, Uwe. The Policeman’s Horror: Default Locales, Default Charsets, and Default Timezones, The Generics Policeman Blog, November 2012.

Anchor
Schneier 00
Schneier 00

[Schneier 2000] Bruce Schneier, Secrets and Lies—Digital Security in a Networked World, Wiley, New York, 2000.

Anchor
Schönefeld Schönefeld 02Schönefeld
Schönefeld 02

[Schönefeld 2002] Marc Schönefeld, Security Aspects in Java Bytecode Engineering, Blackhat Briefings 2002, Las Vegas, August 2002.

Anchor
Schönefeld Schönefeld 04Schönefeld
Schönefeld 04

[Schönefeld 2004] Marc Schönefeld, Java Vulnerabilities in Opera 7.54, BUGTRAQ Mailing List (bugtraq@securityfocus.com), November 2004.

...

Anchor
Seacord 13
Seacord 13

[Seacord 2013] Seacord, Robert C. Secure Coding in C and C++, 2nd ed. Addison-Wesley, Boston, 2013.

Anchor
Seacord 2015Seacord2015Seacord 2015
Seacord2015

[Seacord 2015] Seacord, Robert C. Secure Coding Rules for Java. Addison-Wesley Professional, Boston, 2013.

...

Anchor
Tomcat 09
Tomcat 09

[Tomcat 2009] Apache Software Foundation, Changelog and Security fixes, Tomcat documentation, 2009.

Anchor
Tutorials 08Tutorials 08
[Tutorials 2008] The Java Tutorials, Sun Microsystems, 2008.
Anchor
Unicode 2003
Unicode 2003

[Unicode 2003] The Unicode Consortium, The Unicode Standard, Version 4.0.0, defined by The Unicode Standard, Version 4.0, Addison-Wesley, Reading, MA, 2003.

...

Anchor
Zukowski 04
Zukowski 04

[Zukowski 2004] John Zukowski, Creating Custom Security Permissions, Java Developer Connection Tech Tips, May 18, 2004.