SEI CERT Oracle Coding Standard for Java
The Java rules and recommendations in this wiki are a work in progress and reflect the current thinking of the secure coding community. Because this is a development website, many pages are incomplete or contain errors. As rules and recommendations mature, they are published in report or book form as official releases. These releases are issued as dictated by the needs and interests of the secure software development community.
Comments and Contributing
We provide access to the community members to contribute after subject matter expertise is verified.
For questions and comments about these standards, open a GitHub issue. For anything else, please submit feedback.
Front Matter
Rules
- Rule 00. Input Validation and Data Sanitization (IDS)
- Rule 01. Declarations and Initialization (DCL)
- Rule 02. Expressions (EXP)
- Rule 03. Numeric Types and Operations (NUM)
- Rule 04. Characters and Strings (STR)
- Rule 05. Object Orientation (OBJ)
- Rule 06. Methods (MET)
- Rule 07. Exceptional Behavior (ERR)
- Rule 08. Visibility and Atomicity (VNA)
- Rule 09. Locking (LCK)
- Rule 10. Thread APIs (THI)
- Rule 11. Thread Pools (TPS)
- Rule 12. Thread-Safety Miscellaneous (TSM)
- Rule 13. Input Output (FIO)
- Rule 14. Serialization (SER)
- Rule 15. Platform Security (SEC)
- Rule 16. Runtime Environment (ENV)
- Rule 17. Java Native Interface (JNI)
- Rule 49. Miscellaneous (MSC)
- Rule 50. Android (DRD)
Recommendations
- Rec. 00. Input Validation and Data Sanitization (IDS)
- Rec. 01. Declarations and Initialization (DCL)
- Rec. 02. Expressions (EXP)
- Rec. 03. Numeric Types and Operations (NUM)
- Rec. 04. Characters and Strings (STR)
- Rec. 05. Object Orientation (OBJ)
- Rec. 06. Methods (MET)
- Rec. 07. Exceptional Behavior (ERR)
- Rec. 13. Input Output (FIO)
- Rec. 15. Platform Security (SEC)
- Rec. 18. Concurrency (CON)
- Rec. 49. Miscellaneous (MSC)
Back Matter
Secure Java Coding Books
There are two books available that cover Java: one for rules and the other for guidelines.
The CERT Oracle Secure Coding Standard for Java provides rules for Java Platform Standard Edition 6 and Java SE 7.
Java Coding Guidelines: 75 Recommendations for Reliable and Secure Programs provides guidelines, recommendations, and examples to enable the creation of reliable, robust, fast, maintainable, and secure code.
Rules vs. Recomendations
This coding standard consists of rules and recommendations , collectively referred to as guidelines . Rules are meant to provide normative requirements for code, whereas recommendations are meant to provide guidance that, when followed, should improve the safety, reliability, and security of software systems. Learn more about the differences.
Source Code Analysis Laboratory (SCALe)
SCALe offers conformance testing of Java language software systems against the CERT Oracle Secure Coding Standard for Java.
Contact Us
Contact us if you
- have questions about the Secure Coding wiki
- have recommendations for standards in development
- want to request privileges to participate in standards development
Thank You!
We acknowledge the contributions of the following folks, and we look forward to seeing your name here as well.
Attachments:
button_arrow_up.png (image/png) button_arrow_right.png (image/png) button_arrow_left.png (image/png) Java_clr_hori.gif (image/gif) java-cover.jpg (image/jpeg) Java_Coding_Guidelines_cover.jpg (image/jpeg) Java_whtonred_hori.gif (image/gif) java_clr_vert.gif (image/gif) CERT_Oracle.png (image/png) Java.png (image/png)