Software Engineering Institute | Carnegie Mellon University
Software Engineering Institute | Carnegie Mellon University

Digital Library


The CERT Oracle Secure Coding Standard for Java

  • Abstract

    This is the first authoritative, comprehensive compilation of code-level requirements for building secure systems in Java. Organized by CERT's pioneering software security experts, with support from Oracle's own Java platform developers, it covers every facet of secure software coding with Java 7 SE and Java 6 SE, and offers value even to developers working with other Java versions. The authors itemize the most common coding errors leading to vulnerabilities in Java programs, and provide specific guidelines for avoiding each of them. They show how to produce programs that are not only secure, but also safer, more reliable, more robust, and easier to maintain. After a high-level introduction to Java application security, eighteen consistently organized chapters detail specific guidelines for each facet of Java development. Each set of guidelines defines conformance, presents both non-compliant examples and corresponding compliant solutions, shows how to assess risk, and offers references for further information. To limit this book's size, the authors focus on "normative requirements": strict rules for what programmers must do for their work to be secure, as defined by conformance to specific standards that can be tested through automated analysis software. (Note: A follow-up book will present "non-normative requirements": recommendations for what Java developers typically "should" do to further strengthen program security beyond testable "requirements.")

    Format: Paperbook

Cite This Book


title = {The CERT Oracle Secure Coding Standard for Java},
author={Fred Long and Dhruv Mohindra and Robert Seacord and Dean Sutherland and David Svoboda},
publisher={Addison-Wesley Professional},