Normative Guidelines

FIO52-J. Do not store unencrypted sensitive information on the client side
IDS01-J. Normalize strings before validating them
IDS50-J. Use conservative file naming conventions
LCK00-J. Use private final lock objects to synchronize classes that may interact with untrusted code
LCK01-J. Do not synchronize on objects that may be reused
LCK03-J. Do not synchronize on the intrinsic locks of high-level concurrency objects
NUM53-J. Use the strictfp modifier for floating-point calculation consistency across platforms
SEC03-J. Do not load trusted classes after allowing untrusted code to load arbitrary classes
STR51-J. Use the charset encoder and decoder classes when more control over the encoding process is required