A system's security policy determines which information is sensitive. Sensitive data may include user information such as social security or credit card numbers, passwords, or private keys.
Java software components provide many opportunities to output sensitive information. Rules that address the mitigation of sensitive information disclosure include: