[Abadi 1996] Martin Abadi and Roger Needham, Prudent Engineering Practice for Cryptographic Protocols, IEEE Transactions on Software Engineering Volume 22, Issue 1, 1996, 6 - 15.
[API 2006] Java Platform, Standard Edition 6 API Specification, Sun Microsystems, 2006.
[Austin 2000] Calvin Austin and Monica Pawlan, Advanced Programming for the Java 2 Platform, Addison-Wesley Longman, Boston, 2000.
[Black 2004] Paul E. Black and Paul J. Tanenbaum, partial order, in Dictionary of Algorithms and Data Structures [online], Paul E. Black, ed., U.S. National Institute of Standards and Technology, December 17, 2004.
Available at http://xlinux.nist.gov/dads/HTML/partialorder.html.
[Black 2006] Paul E. Black and Paul J. Tanenbaum, total order, in Dictionary of Algorithms and Data Structures [online], Paul E. Black, ed., U.S. National Institute of Standards and Technology. March 30, 2006.
Available at http://xlinux.nist.gov/dads/HTML/totalorder.html.
[Bloch 2001] Joshua Bloch, Effective Java: Programming Language Guide, Addison-Wesley Professional, Boston, 2001.
[Bloch 2005a] Joshua Bloch and Neal Gafter, _Java™ Puzzlers: Traps, Pitfalls, and Corner Cases_, Addison-Wesley Professional, Boston, 2005.
[Bloch 2005b] Joshua Bloch and Neal Gafter, Yet More Programming Puzzlers, JavaOne Conference, 2005.
[Bloch 2007] Joshua Bloch, Effective Java™ Reloaded: This Time It's (Not) for Real, JavaOne Conference, 2007.
[Bloch 2008] Joshua Bloch, Effective Java, 2nd ed., Addison-Wesley Professional, Boston, 2008.
[Bloch 2009] Joshua Bloch and Neal Gafter, Return of the Puzzlers: Schlock and Awe, JavaOne Conference, 2009.
[Boehm 2005] Hans-J. Boehm, Finalization, Threads, and the Java™ Technology-Based Memory Model, JavaOne Conference, 2005.
[Campione 1996] Mary Campione and Kathy Walrath, The Java Tutorial: Object-Oriented Programming for the Internet, Addison-Wesley, Reading, MA, 1996.
[CCITT 1988] CCITT. CCITT Blue Book, Recommendation X.509 and ISO 9594-8: The Directory-Authentication Framework, International Telecommunication Union, Geneva, 1988.
[Chan 1999] Patrick Chan, Rosanna Lee, and Douglas Kramer, The Java Class Libraries: Supplement for the Java 2 Platform, v1.2, 2nd ed., Volume 1, Prentice Hall, Upper Saddle River, NJ, 1999.
[Chess 2007] Brian Chess and Jacob West, Secure Programming with Static Analysis, Addison-Wesley Professional, Boston, MA, 2007.
[Christudas 2005] Internals of Java Class Loading, ONJava, 2005.
[Christey 2005] Christey, Steven M. Format String Vulnerabilities in Perl Programs (Full Disclosure mailing list archives), 2005.
[Cohen 1981] On Holy Wars and a Plea for Peace, IEEE Computer, Volume 14, Issue 10, 1981.
[Conventions 2009] Code Conventions for the Java Programming Language, Sun Microsystems, 2009.
[CVE 2011] Common Vulnerabilities and Exposures, MITRE Corporation, 2011. Available at http://cve.mitre.org.
[Coomes 2007] John Coomes, Peter Kessler, and Tony Printezis, Garbage Collection-Friendly Programming, Java SE Garbage Collection Group, Sun Microsystems, JavaOne Conference, 2007.
[Core Java 2004] Cay S. Horstmann and Gary Cornell, _Core Java™ 2 Volume I - Fundamentals_, 7th ed., Prentice Hall PTR, Boston, 2004.
[Cunningham 1995] Ward Cunningham, The CHECKS Pattern Language of Information Integrity, in Pattern Languages of Program Design, James O Coplien and Douglas C Schmidt (eds.), Addison-Wesley Professional, Reading, MA, 1995.
[Daconta 2000] Michael C. Daconta, When Runtime.exec() Won't, JavaWorld.com, 2000.
[Daconta 2003] Michael C. Daconta, Kevin T. Smith, Donald Avondolio and W. Clay Richardson, More Java Pitfalls, Wiley Publishing, New York, 2003.
[Darwin 2004] Ian F. Darwin, Java Cookbook, O'Reilly, Sebastopol, CA, 2004.
[Davis 2008a] Mark Davis and Martin Dürst, Unicode Standard Annex #15, Unicode Normalization Forms, 2008.
[Davis 2008b] Mark Davis and Michel Suignard, Unicode Technical Report #36, Unicode Security Considerations, 2008.
[Dennis 1966] Jack B. Dennis and Earl C. Van Horn, Programming Semantics for Multiprogrammed Computations, Communications of the ACM Volume 9, Issue 3, March 1966, pp. 143-155, DOI=10.1145/365230.365252.
[DHS 2006] Build Security In, U.S. Department of Homeland Security, 2006.
[Dormann 2008] Will Dormann, Signed Java Applet Security: Worse than ActiveX?, CERT Vulnerability Analysis Blog, 2008.
[Doshi 2003] Gunjan Doshi, Best Practices for Exception Handling, ONJava.com, 2003.
[Dougherty 2009] Chad Dougherty, Kirk Sayre, Robert C. Seacord, David Svoboda, and Kazuya Togashi, Secure Design Patterns, CMU/SEI-2009-TR-010, Defense Technical Information Center, Ft. Belvoir, VA, 2009.
[Eclipse 2008] The Eclipse Platform, 2008.
[Encodings 2006] Supported Encodings, Sun Microsystems, 2006.
[EMA 2011] Java SE 6 Documentation, Extension Mechanism Architecture, Sun Microsystems, 2011.
[Enterprise 2003] The O'Reilly Java Authors, Java Enterprise Best Practices, O'Reilly, Sebastopol, CA, 2003.
[ESA 2005] Java Coding Standards, prepared by European Space Agency (ESA) Board for Software Standardisation and Control (BSSC), 2005.
[Fairbanks 2007] Design Fragments, Defense Technical Information Center, Ft. Belvoir, VA, 2007.
[FindBugs 2008] FindBugs Bug Descriptions, 2008.
[Fisher 2003] Maydene Fisher, Jon Ellis, and Jonathan Bruce, JDBC API Tutorial and Reference, 3rd ed., Addison-Wesley, Boston, MA, 2003.
[Flanagan 2005] David Flanagan, Java in a Nutshell, 5th ed., O'Reilly, Sebastopol, CA, 2005.
[Forman 05] Ira R. Forman and Nate Forman, Java Reflection in Action, Manning Publications, Greenwich, CT, 2005.
[Fortify 2008] A Taxonomy of Coding Errors that Affect Security, Java/JSP, Fortify Software, 2008.
[Fox 2001] Joshua Fox, When is a Singleton Not a Singleton?, Sun Developer Network, 2001.
[FT 2008] Function Table Class FunctionTable, Field detail, public static FuncLoader m_functions, 2008.
[Gafter 2006] Neal Gafter, Neal Gafter's blog, 2006.
[Gamma 1995] Erich Gamma, Richard Helm, Ralph Johnson, and John M. Vlissides, Design Patterns: Elements of Reusable Object-Oriented Software, Addison-Wesley Professional, Boston, MA, 1995.
[Garfinkel 1996] Simson Garfinkel and Gene Spafford, Practical UNIX & Internet Security, 2nd ed., O'Reilly, Sebastopol, CA, 1996.
[Garms 2001] Jess Garms and Daniel Somerfield, Professional Java Security, Wrox Press, Chicago, 2001.
[Goetz 2002] Brian Goetz, Java Theory and Practice: Don't Let the "this" Reference Escape during Construction, IBM developerWorks (Java technology), 2002.
[Goetz 2004a] Brian Goetz, Java Theory and Practice: Garbage Collection and Performance, IBM developerWorks (Java technology), 2004.
[Goetz 2004b] Brian Goetz, Java Theory and Practice: The Exceptions Debate: To Check, or Not to Check?, IBM developerWorks (Java technology), 2004.
[Goetz 2004c] Brian Goetz, Java Theory and Practice: Going Atomic, IBM developerWorks (Java technology), 2004.
[Goetz 2005a] Brian Goetz, Java Theory and Practice: Be a Good (Event) Listener, Guidelines for Writing and Supporting Event Listeners, IBM developerWorks (Java technology), 2005.
[Goetz 2005b] Brian Goetz, Java Theory and Practice: Plugging Memory Leaks with Weak References, IBM developerWorks (Java technology), 2005.
[Goetz 2006a] Brian Goetz, Tim Peierls, Joshua Bloch, Joseph Bowbeer, David Holmes, and Doug Lea, Java Concurrency in Practice, Addison-Wesley Professional, Boston, MA, 2006.
[Goetz 2006b] Brian Goetz, Java Theory and Practice: Good Housekeeping Practices, IBM developerWorks (Java technology), 2006.
[Goetz 2007] Brian Goetz, Java Theory and Practice: Managing Volatility, Guidelines for Using Volatile Variables, IBM developerWorks (Java technology), 2006.
[Goldberg 1991] David Goldberg, What Every Computer Scientist Should Know About Floating-Point Arithmetic, Sun Microsystems, March 1991.
[Gong 2003] Li Gong, Gary Ellison, and Mary Dageforde, Inside Java 2 Platform Security: Architecture, API Design, and Implementation, 2nd ed., Prentice Hall, Boston, MA, 2003.
[Grand 2002] Mark Grand, Patterns in Java, Volume 1, 2nd ed., Wiley, New York, 2002.
[Greanier 2000] Todd Greanier, Discover the Secrets of the Java Serialization API, Sun Developer Network (SDN), 2000.
[Green 2008] Roedy Green, Canadian Mind Products Java & Internet Glossary, 2008.
[Grigg 2006] Jeffery Grigg, Reflection On Inner Classes, 2006.
[Grosso 2001] William Grosso, Java RMI, O'Reilly, Sebastopol, CA, 2001.
[Gupta 2005] Satish Chandra Gupta and Rajeev Palanki, Java Memory Leaks - Catch Me If You Can, 2005.
[Haack 2006] Christian Haack, Erik Poll, Jan Schafer and Aleksy Schubert, Immutable Objects in Java, 2006.
[Haggar 2000] Peter Haggar, _Practical Java™ Programming Language Guide_, Addison-Wesley Professional, Boston, MA, 2000.
[Halloway 2000] Stuart Halloway, Java Developer Connection Tech Tips, March 28, 2000.
[Halloway 2001] Stuart Halloway, Java Developer Connection Tech Tips, January 30, 2001.
[Harold 1997] Elliotte Rusty Harold, Java Secrets, Wiley, New York, 1997.
[Harold 1999] Elliotte Rusty Harold, Java I/O, O'Reilly, Sebastopol, CA, 1999.
[Harold 2006] Elliotte Rusty Harold, Java I/O, 2nd ed., O'Reilly, Sebastopol, CA, 2006.
[Hawtin 2008] Thomas Hawtin, Secure Coding Antipatterns: Preventing Attacks and Avoiding Vulnerabilities, Sun Microsystems, Make it Fly 2008, London. 2008.
[Heffley 2004] J. Heffley and P. Meunier, Can Source Code Auditing Software Identify Common Vulnerabilities and Be Used to Evaluate Software Security? _Proceedings of the 37th Annual Hawaii International Conference on System Sciences (HICSS'04)_, Track 9, Volume 9, IEEE Computer Society, January 2004.
[Henney 2003] Kevlin Henney, Null Object, Something for Nothing, 2003.
[Hitchens 2002] Ron Hitchens, _Java™ NIO_, O'Reilly, Sebastopol, CA, 2002.
[Hornig 2007] Charles Hornig, Advanced Java™ Globalization, JavaOne Conference, 2007.
[Hovemeyer 2007] David Hovemeyer and William Pugh, Finding More Null Pointer Bugs, But Not Too Many, Proceedings of the 7th ACM SIGPLAN-SIGSOFT workshop on Program Analysis for Software Tools and Engineering, 2007.
[Howard 2002] Michael Howard and David C. LeBlanc, Writing Secure Code, 2nd ed., Microsoft Press, Redmond, WA, 2002.
[Hunt 1998] J. Hunt and F. Long, Java's Reliability: An Analysis of Software Defects in Java, Software IEEE Proceedings, 1998.
[IEC 60812 2006] Analysis Techniques for System Reliability - Procedure for Failure Mode and Effects Analysis (FMEA), 2nd ed., International Electrotechnical Commission, Geneva, 2006.
[IEEE 754 2006] IEEE, Standard for Binary Floating-Point Arithmetic (IEEE 754-1985), 2006.
[ISO/IEC TR 24772:2010] ISO/IEC TR 24772. Information Technology — Programming Languages — Guidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use, October 2010.
[J2SE 2000] Java™ 2 SDK, Standard Edition Documentation, Sun Microsystems, J2SE Documentation version 1.3, Sun Microsystems, 2000.
[J2SE 2011] Java™ SE 7 Documentation, J2SE Documentation version 1.7, Oracle Corporation, 2011.
[JarSpec 2008] J2SE Documentation version 1.5, Jar File Specification, Sun Microsystems, 2000.
[Java 2006] Java - The Java Application Launcher, Sun Microsystems, 2006.
[Java2NS 1999] Marco Pistoia, Duane F. Reller, Deepak Gupta, Milind Nagnur, and Ashok K. Ramani, Java 2 Network Security, Prentice Hall, Upper Saddle River, NJ, 1999.
[JavaGenerics 2004] Oracle, Generics, Sun Microsystems, 2004.
[JavaThreads 1999] Scott Oaks and Henry Wong, Java Threads, 2nd ed., O'Reilly, Sebastopol, CA, 1999.
[JavaThreads 2004] Scott Oaks and Henry Wong, Java Threads, 3rd ed., O'Reilly, Sebastopol, CA, 2004.
[JDK7 2008] Java™ Platform, Standard Edition 7 documentation, Sun Microsystems, December 2008.
[JLS 2005] James Gosling, Bill Joy, Guy Steele, and Gilad Bracha, The Java Language Specification, 3rd ed., Prentice Hall, Upper Saddle River, NJ, 2005.
[JMX 2006] Monitoring and Management for the Java Platform, Sun Microsystems, 2006.
[JMXG 2006] Java SE Monitoring and Management Guide, Sun Microsystems, 2006.
[JNI 2006] Java Native Interface, Sun Microsystems, 2006.
[Jovanovic 2006] Nenad Jovanovic, Christopher Kruegel, and Engin Kirda, Pixy: A Static Analysis Tool for Detecting Web Application Vulnerabilities (Short Paper), Proceedings of the 2006 IEEE Symposium on Security and Privacy (S&P'06), pp.258-263, May 21-24, 2006.
[JPDA 2004] Java Platform Debugger Architecture (JPDA), Sun Microsystems, 2004.
[JPL 2006] Ken Arnold, James Gosling, and David Holmes, _The Java™ Programming Language_, 4th ed., Addison-Wesley Professional, Boston, MA, 2006.
[JSR-133 2004] JSR-133: Java™ Memory Model and Thread Specification, 2004.
[JVMTI 2006] Java Virtual Machine Tool Interface (JVM TI), Sun Microsystems, 2006.
[JVMSpec 1999] The Java Virtual Machine Specification, Sun Microsystems, 1999.
[Kabanov 2009] Jevgeni Kabanov, The Ultimate Java Puzzler, February 16th, 2009.
[Kabutz 2001] Heinz M. Kabutz, The Java Specialists' Newsletter, 2001.
[Kalinovsky 2004] Alex Kalinovsky, Covert Java: Techniques for Decompiling, Patching, and Reverse Engineering, SAMS Publishing, Boston, 2004.
[Knoernschild 2001] Kirk Knoernschild, _Java™ Design: Objects, UML, and Process_, Addison-Wesley Professional, Boston, MA, 2001.
[Lai 2008] Charlie Lai, Java Insecurity: Accounting for Subtleties That Can Compromise Code, 2008.
[Langer 2008] Angelica Langer, Practicalities – Programming with Java Generics, 2008.
[Laplante 2005] Phillip A. Laplante, Colin J. Neill, Antipatterns: Identification, Refactoring, and Management, Auerbach Publications, 2005.
[Lea 2000a] Doug Lea, Concurrent Programming in Java, 2nd ed., Addison-Wesley Professional, Boston, MA, 2000.
[Lea 2000b] Doug Lea and William Pugh, Correct and Efficient Synchronization of Java™ Technology based Threads, JavaOne Conference, 2000.
[Lea 2008] Doug Lea, The JSR-133 Cookbook for Compiler Writers, 2008.
[Lee 2009] Sangjin Lee, Mahesh Somani, and Debashis Saha, Robust and Scalable Concurrent Programming: Lessons from the Trenches, JavaOne Conference, 2009.
[Liang 1997] Sheng Liang, _The Java™ Native Interface, Programmer's Guide and Specification_, Addison-Wesley Professional, Reading, MA, 1997.
[Liang 1998] Sheng Liang and Gilad Bracha, Dynamic Class Loading in the Java™ Virtual Machine, Proceedings of the 13th ACM SIGPLAN Conference on Object-Oriented Programming, Systems, Languages, and Applications, 1998.
[Lieberman 1986] Henry Lieberman, Using Prototypical Objects to Implement Shared Behavior in Object-Oriented Systems, Proceedings on Object-Oriented Programming, Systems, Languages, and Applications, pp. 214-223 (ISSN 0362-1340), Massachusetts Institute of Technology, 1986.
[Lo 2005] Chia-Tien Dan Lo, Witawas Srisa-an, and J. Morris Chang, Security Issues in Garbage Collection, STSC Crosstalk, October 2005.
[Long 2005] Fred Long, Software Vulnerabilities in Java, CMU/SEI-2005-TN-044, Software Engineering Institute, Carnegie Mellon University, 2005.
[LSOD 02] Last Stage of Delirium Research Group, Java and Java Virtual Machine Security. Poland: Last Stage of Delirium Research Group, 2002.
[Low 1997] Douglas Low, Protecting Java Code via Obfuscation, Crossroads Volume 4, Issue 3, 1997.
[MacGregor 1998] Robert MacGregor, Dave Durbin, John Owlett, and Andrew Yeomans, Java Network Security, Prentice Hall PTR, Upper Saddle River, NJ, 1998.
[Mahmoud 2002] Qusay H. Mahmoud, Compressing and Decompressing Data Using Java APIs, Oracle, 2002.
[Mak 2002] Ronald Mak, Java Number Cruncher: The Java Programmer's Guide to Numerical Computing, Prentice Hall PTR, Upper Saddle River, NJ, 2002.
[Manson 2004] Jeremy Manson and Brian Goetz, JSR 133 (Java Memory Model) FAQ, 2004.
[Manson 2006] Jeremy Manson and William Pugh, The Java™ Memory Model: the building block of concurrency, JavaOne Conference, 2006.
[Martin 1996] Robert C. Martin, Granularity, 1996.
[McCluskey 2001] Glen McCluskey, Java Developer Connection Tech Tips, April 10, 2001.
[McGraw 1999] Gary McGraw and Edward W. Felten, Securing Java, Getting Down to Business with Mobile Code, Wiley, New York, 1999.
[McGraw 1998] Gary McGraw and Edward W. Felten, Twelve rules for developing more secure Java code, JavaWorld.com, 1998.
[Mettler 2010a] Adrian Mettler, David Wagner, and T. Close, Joe-E: A Security-Oriented Subset of Java, 17th Network & Distributed System Security Symposium, 2010.
[Mettler 2010b] Adrian Mettler and David Wagner, Class Properties for Security Review in an Object-Capability Subset of Java, Proceedings of the 5th ACM SIGPLAN Workshop on Programming Languages and Analysis for Security (PLAS '10). ACM, Article 7, DOI=10.1145/1814217.1814224, 2010.
[Miller 2009] Alex Miller, Java™ Platform Concurrency Gotchas, JavaOne Conference, 2009.
[MITRE 2011] MITRE Corporation, Common Weakness Enumeration, 2011. Available at http://cwe.mitre.org/.
[Mocha 2007] Mocha, the Java Decompiler, 2007.
[Monsch 2006] Jan P. Monsch, Ruining Security with java.util.Random Version 1.0, 2006.
[MSDN 2009] Microsoft Corporation, Using SQL Escape Sequences, 2009.
[Muchow 2001] John W. Muchow, MIDlet Packaging with J2ME, ONJava.com, 2001.
[Müller 2002] Dr. Andreas Müller and Geoffrey Simmons, Exception Handling: Common Problems and Best Practice with Java 1.4, Sun Microsystems GmbH, 2002.
[Naftalin 2006a] Maurice Naftalin and Philip Wadler, Java Generics and Collections, O'Reilly, Sebastopol, CA, 2006.
[Naftalin 2006b] Maurice Naftalin and Philip Wadler, Java™ Generics and Collections: Tools for Productivity, JavaOne Conference, 2007.
[Netzer 1992] Robert H. B. Netzer and Barton P. Miller, What Are Race Conditions? Some Issues and Formalization, University of Wisconsin, Madison, 1992.
[Neward 2004] Ted Neward, Effective Enterprise Java, Addison-Wesley Professional, Boston, MA, 2004.
[Nisewanger 2007] Jeff Nisewanger, Avoiding Antipatterns, JavaOne Conference, 2007.
[Nolan 2004] Godfrey Nolan, Decompiling Java, Apress, Berkeley, CA, 2004.
[Oaks 2001] Scott Oaks, Java Security, O'Reilly, Sebastopol, CA, 2001.
[Open Group 2004] The IEEE and The Open Group, The Open Group Base Specifications Issue 6, 2004.
[Oracle 2010a] Oracle Corporation, Java SE 6 HotSpot™ Virtual Machine Garbage Collection Tuning, 2010.
[OWASP 2005] The Open Web Application Security Project, A Guide to Building Secure Web Applications and Web Services, 2005.
[OWASP 2007] The Open Web Application Security Project, OWASP Top 10 for Java EE, 2007.
[OWASP 2011] Open Web Application Security Project (OWASP), 2011.
[PCI 2010] PCI Security Standards Council, Payment Card Industry (PCI) Data Security Standard, Version 2.0, October, 2010.
[Permissions 2008] Permissions in the Java™ SE 6 Development Kit (JDK), Sun Microsystems, 2008.
[Philion 2003] Paul Philion, Beware the dangers of generic Exceptions, JavaWorld.com, 2003.
[Phillips 2005] Addison P. Phillips, Are We Counting Bytes Yet?, 27th Internationalization and Unicode Conference, webMethods, 2005.
[Pistoia 2004] Marco Pistoia, Nataraj Nagaratnam, Larry Koved, and Anthony Nadalin, Enterprise Java Security: Building Secure J2EE Applications, Addison-Wesley Professional, Boston, MA, 2004.
[Policy 2002] Sun Microsystems, Default Policy Implementation and Policy File Syntax, Document revision 1.6, 2002.
[Pugh 2004] William Pugh, The Java Memory Model (discussions reference), 2004.
[Pugh 2008] William Pugh, Defective Java Code: Turning WTF Code into a Learning Experience, JavaOne Conference, 2008.
[Pugh 2009] William Pugh, Defective Java Code: Mistakes That Matter, JavaOne Conference, 2009.
[Reasoning 2003] Reasoning Inspection Service Defect Data Tomcat v 1.4.24, November 14, 2003.
[Reflect 2006] Sun Microsystems, Reflection, 2006.
[Rogue 2000] Vermeulen, Ambler, Metz, Misfeldt, Shur, and Thompson, The Elements of Java Style, Cambridge University Press, New York, 2000.
[Rotem 2008] Arnon Rotem-Gal-Oz, Fallacies of Distributed Computing Explained, 2008.
[Roubtsov 2003a] Vladimir Roubtsov, Breaking Java Exception-Handling Rules is Easy, JavaWorld.com, 2003.
[Roubtsov 2003b] Vladimir Roubtsov, Into the Mist of Serialization Myths, JavaWorld.com, 2003.
[Saltzer 1974] J. H. Saltzer, Protection and the Control of Information Sharing in Multics. Communications of the ACM 17, 7 (July 1974): 388-402.
[Saltzer 1975] J. H. Saltzer and M. D. Schroeder, The Protection of Information in Computer Systems, Proceedings of the IEEE, Volume 63, Issue 9, 1975, 1278-1308.
Available at http://web.mit.edu/Saltzer/www/publications/protection/.
[SCG 2009] Sun Microsystems, Secure Coding Guidelines for the Java Programming Language, version 3.0, 2009.
[Schildt 2007] Herb Schildt, Herb Schildt's Java Programming Cookbook, McGraw-Hill, New York, 2007.
[Schneier 2000] Bruce Schneier, Secrets and Lies: Digital Security in a Networked World, Wiley, New York, 2000.
[Schönefeld 2002] Marc Schönefeld, Security Aspects in Java Bytecode Engineering, Blackhat Briefings 2002, Las Vegas, August 2002.
[Schönefeld 2004] Marc Schönefeld, Java Vulnerabilities in Opera 7.54, BUGTRAQ Mailing List (bugtraq@securityfocus.com), November 2004.
[Schwarz 2004] Don Schwarz, Avoiding Checked Exceptions, ONJava 2004.
[Schweisguth 2003] Dave Schweisguth, Java Tip 134: When Catching Exceptions, Don't Cast Your Net Too Wide, JavaWorld.com, 2003.
[SDN 2008] Sun Microsystems, SUN Developer Network, 1994-2008.
[Seacord 2005] Robert C. Seacord, Secure Coding in C and C++, Addison-Wesley Professional, Boston, MA, 2005.
[Seacord 2008] Robert C. Seacord, The CERT C Secure Coding Standard, Addison-Wesley Professional, Boston, MA, 2008.
[Seacord 2010] Robert C. Seacord, William Dormann, James McCurley, Philip Miller, Robert Stoddard, David Svoboda, and Jefferson Welch, Source Code Analysis Laboratory (SCALe) for energy delivery systems, CMU/SEI-2010-TR-021, Software Engineering Institute, Carnegie Mellon University, Pittsburgh, PA, December 2010.
[SecArch 2006] Sun Microsystems, Java 2 Platform Security Architecture, 2006.
[Secunia 2008] Secunia ApS, Secunia Advisories, 2008.
[Security 2006] Java Security Guides, Sun Microsystems, Inc., 2006.
[SecuritySpec 2008] Sun Microsystems, Java Security Architecture, 2008.
[Sen 2007] Robi Sen, Avoid the Dangers of XPath Injection, IBM developerWorks, 2007.
[Steel 2005] Christopher Steel, Ramesh Nagappan, and Ray Lai, _Core Security Patterns: Best Practices and Strategies for J2EE™, Web Services, and Identity Management_, Prentice Hall PTR, Upper Saddle River, NJ, 2005.
[Steele 1977] G.L. Steele, Arithmetic Shifting Considered Harmful, ACM SIGPLAN Notices, Volume 12, Issue 11 (1977), 61-69.
[Steinberg 2005] Daniel H. Steinberg, Java Developer Connection Tech Tips Using the Varargs Language Feature, January 4, 2005.
[Sterbenz 2006] Andreas Sterbenz and Charlie Lai, Secure Coding Antipatterns: Avoiding Vulnerabilities, Sun Microsystems, JavaOne Conference, 2006.
[Steuck 2002] Gregory Steuck, XXE (Xml eXternal Entity) Attack, 2002.
[Sun 1999] Why Are Thread.stop, Thread.suspend, Thread.resume and Runtime.runFinalizersOnExit Deprecated?, Sun Microsystems, 1999.
[Sun 2002] Reflection, Sun Microsystems, 2002.
[Sun 2003] Sun Microsystems, Sun ONE Application Server 7 Performance Tuning Guide, 2003.
[Sun 2004a] Java Management Extensions (JMX), Sun Microsystems, 2004.
[Sun 2004b] Java Object Serialization Specification, Version 1.5.0, Sun Microsystems, 2004.
[Sun 2004d] JVM Tool Interface, Sun Microsystems, 2004.
[Sun 2006] Java™ Platform, Standard Edition 6 documentation, Sun Microsystems, 2006.
[Sun 2008] Java™ Plug-in and Applet Architecture, Sun Microsystems, 2008.
[Sutherland 2010] Dean F. Sutherland and William L. Scherlis, Composable Thread Coloring, Proceedings of the 15th ACM SIGPLAN Symposium on Principles and Practice of Parallel Programming, Association for Computing Machinery, New York, 2010.
[Tanenbaum 2003] Andrew S. Tanenbaum and Maarten Van Steen, Distributed Systems: Principles and Paradigms, 2nd ed., Prentice Hall, Upper Saddle River, NJ, 2003.
[Techtalk 2007] Josh Bloch and William Pugh, The PhantomReference Menace. Attack of the Clone. Revenge of the Shift., JavaOne Conference, 2007.
[Tomcat 2009] Apache Software Foundation, Changelog and Security fixes, Tomcat documentation, 2009.
[Tutorials 2008] The Java Tutorials, Sun Microsystems, 2008.
[Unicode 2003] The Unicode Consortium, The Unicode Standard, Version 4.0.0, defined by The Unicode Standard, Version 4.0, Addison-Wesley, Reading, MA, 2003.
[Unicode 2007] The Unicode Consortium, The Unicode Standard, Version 5.1.0, defined by The Unicode Standard, Version 5.0, Addison-Wesley, Reading, MA, 2007, as amended by Unicode 5.1.0.
[Unicode 2011] The Unicode Consortium, The Unicode Standard, Version 6.0.0, The Unicode Consortium, Mountain View, CA, 2011.
[Venners 1997] Bill Venners, Security and the Class Loader Architecture, JavaWorld.com, 1997.
[Venners 2003] Bill Venners, Failure and Exceptions, A Conversation with James Gosling, Part II, Artima.com, 2003.
[VU#948385] Perl contains an integer sign error in format string processing, US CERT Vulnerability Note, 2005.
[W3C 2008] Tim Bray, Jean Paoli, C. M. Sperberg-McQueen, Eve Maler, and François Yergeau, Extensible Markup Language (XML) 1.0, 5th ed., W3C Recommendation, 2008.
[Ware 2008] Michael S. Ware, Writing Secure Java Code: A Taxonomy of Heuristics and an Evaluation of Static Analysis Tools, Masters thesis, James Madison University, Harrisonburg, VA, 2008.
[Weber 2009] Chris Weber, Exploiting Unicode-enabled Software, CanSecWest, March 2009.
[Wheeler 2003] David A. Wheeler, Secure Programming for Linux and Unix HOWTO, 2003.
[White 2003] Tom White, Memoization in Java Using Dynamic Proxy Classes, August 2003.
[Zukowski 2004] John Zukowski, Creating Custom Security Permissions, Java Developer Connection Tech Tips, May 18, 2004.