[{"data":1,"prerenderedAt":5467},["ShallowReactive",2],{"global-navigation":3,"page-\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-aa-references":28,"surround-\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-aa-references":3881,"sidebar-sei-cert-oracle-coding-standard-for-java":3890},[4,8],{"title":5,"path":6,"_path":6,"fromAppConfig":7},"Home","\u002F",true,{"title":9,"path":10,"children":11,"_path":27,"fromAppConfig":7},"Coding Standards","\u002Fcoding-standards\u002F",[12,15,18,21,24],{"title":13,"path":14},"Android Coding Standard","\u002Fandroid-secure-coding-standard\u002F",{"title":16,"path":17},"C Coding Standard","\u002Fsei-cert-c-coding-standard\u002F",{"title":19,"path":20},"C++ Coding Standard","\u002Fsei-cert-cpp-coding-standard\u002F",{"title":22,"path":23},"Java Coding Standard","\u002Fsei-cert-oracle-coding-standard-for-java\u002F",{"title":25,"path":26},"Perl Coding Standard","\u002Fsei-cert-perl-coding-standard\u002F","\u002Fcoding-standards",{"id":29,"title":30,"body":31,"description":3871,"extension":3872,"meta":3873,"navigation":7,"path":3877,"seo":3878,"stem":3879,"__hash__":3880},"content\u002F6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F4.rule-aa-references.md","Rule AA. References",{"type":32,"value":33,"toc":3867},"minimark",[34,38,54,62,81,98,112,126,140,154,168,180,193,207,223,239,257,273,285,297,311,325,337,351,359,375,387,399,411,416,419,436,450,467,481,495,507,515,527,541,555,567,579,593,606,623,637,651,665,681,689,697,715,727,740,752,765,783,799,812,824,836,848,865,879,887,901,915,927,939,951,965,979,993,1006,1019,1033,1045,1059,1072,1086,1098,1110,1122,1130,1144,1157,1170,1184,1196,1210,1224,1237,1249,1263,1276,1288,1300,1311,1323,1337,1351,1363,1377,1391,1405,1413,1425,1441,1455,1467,1479,1493,1498,1506,1511,1518,1523,1532,1547,1566,1578,1592,1606,1619,1633,1645,1659,1671,1682,1702,1715,1729,1742,1758,1780,1793,1806,1819,1832,1845,1862,1875,1887,1901,1915,1929,1942,1956,1970,1982,1994,1999,2006,2017,2022,2030,2043,2057,2069,2083,2096,2109,2121,2137,2154,2171,2185,2190,2197,2213,2230,2242,2260,2272,2286,2299,2313,2327,2332,2341,2349,2361,2375,2383,2400,2413,2427,2440,2454,2468,2482,2496,2508,2521,2537,2549,2562,2574,2585,2590,2593,2606,2623,2635,2648,2661,2675,2688,2702,2718,2731,2744,2749,2757,2762,2776,2790,2804,2818,2831,2845,2861,2875,2888,2902,2916,2927,2941,2954,2968,2981,2995,3009,3022,3038,3051,3064,3077,3089,3108,3121,3133,3147,3159,3173,3186,3200,3214,3228,3243,3255,3263,3274,3288,3301,3314,3327,3340,3354,3359,3368,3380,3397,3411,3425,3439,3452,3465,3478,3491,3505,3518,3531,3544,3561,3577,3590,3610,3622,3638,3654,3671,3685,3705,3719,3733,3749,3767,3782,3796,3812,3826,3839,3853],[35,36,30],"h1",{"id":37},"rule-aa-references",[39,40,41,45,48,49,53],"p",{},[42,43],"a",{"id":44},"RuleAA.References-Abadi96",[46,47],"br",{},"\n[Abadi 1996] Martin Abadi and Roger Needham, Prudent Engineering Practice for Cryptographic Protocols, ",[50,51,52],"em",{},"IEEE Transactions on Software Engineering"," , Volume 22, Issue 1, 1996, 6–15.",[39,55,56,59,61],{},[42,57],{"id":58},"RuleAA.References-Aho1986",[46,60],{},"\n[Aho 1986] Aho, Alfred V.; Sethi, Ravi; Ullman, Jeffrey D. \" Compilers: Principles, Techniques, and Tools\" (2nd ed.), 1986.",[39,63,64,67,69,70,73,74,80],{},[42,65],{"id":66},"RuleAA.References-AndroidAPI13",[46,68],{},"\n[Android API 2013] ",[50,71,72],{},"Android API"," . ",[42,75,79],{"href":76,"rel":77},"http:\u002F\u002Fdeveloper.android.com\u002Freference\u002Fpackages.html",[78],"nofollow","Package Index"," , Android, 2013.",[39,82,83,86,88,89,92,93,80],{},[42,84],{"id":85},"RuleAA.References-AndroidGuides13",[46,87],{},"\n[Android Guide 2013] ",[50,90,91],{},"Android API Guides"," , ",[42,94,97],{"href":95,"rel":96},"http:\u002F\u002Fdeveloper.android.com\u002Fguide\u002Findex.html",[78],"Introduction to Android",[39,99,100,103,105,106,111],{},[42,101],{"id":102},"RuleAA.References-AndroidSecurity",[46,104],{},"\n[Android Security] ",[42,107,110],{"href":108,"rel":109},"https:\u002F\u002Fdeveloper.android.com\u002Ftraining\u002Farticles\u002Fsecurity-tips.html",[78],"Security Tips"," , Android Training.",[39,113,114,117,119,120,125],{},[42,115],{"id":116},"RuleAA.References-Apache14",[46,118],{},"\n[Apache 2014] ",[42,121,124],{"href":122,"rel":123},"http:\u002F\u002Ftika.apache.org\u002Findex.html",[78],"Apache Tika"," : A Content Analysis Toolkit, Apache Software Foundation, 2014.",[39,127,128,131,133,134,139],{},[42,129],{"id":130},"RuleAA.References-Apache15",[46,132],{},"\n[Apache 2015] ",[42,135,138],{"href":136,"rel":137},"http:\u002F\u002Ftomcat.apache.org\u002F",[78],"Apache Tomcat"," , Apache Software Foundation, 2015.",[39,141,142,145,147,148,153],{},[42,143],{"id":144},"RuleAA.References-API06",[46,146],{},"\n[API 2006] ",[42,149,152],{"href":150,"rel":151},"http:\u002F\u002Fjava.sun.com\u002Fjavase\u002F6\u002Fdocs\u002Fapi\u002F",[78],"Java Platform, Standard Edition 6 API Specification"," , Oracle, 2011.",[39,155,156,159,161,162,167],{},[42,157],{"id":158},"RuleAA.References-API12",[46,160],{},"\n[API 2012] ",[42,163,166],{"href":164,"rel":165},"http:\u002F\u002Fdocs.oracle.com\u002Fjavase\u002F7\u002Fdocs\u002Fapi\u002F",[78],"Java Platform, Standard Edition 7 API Specification"," , Oracle, 2012.",[39,169,170,173,175,176,179],{},[42,171],{"id":172},"RuleAA.References-API13",[46,174],{},"\n[API 2013] ",[42,177,166],{"href":164,"rel":178},[78]," , Oracle, 2013.",[39,181,182,185,187,188,179],{},[42,183],{"id":184},"RuleAA.References-J2EEAPI13",[46,186],{},"\n[J2EE API 2013] ",[42,189,192],{"href":190,"rel":191},"https:\u002F\u002Fdocs.oracle.com\u002Fjavaee\u002F7\u002Fapi\u002Ftoc.htm",[78],"Java Platform, Extended Edition 7 API Specification",[39,194,195,198,200,201,206],{},[42,196],{"id":197},"RuleAA.References-API14",[46,199],{},"\n[API 2014] ",[42,202,205],{"href":203,"rel":204},"http:\u002F\u002Fdocs.oracle.com\u002Fjavase\u002F8\u002Fdocs\u002Fapi\u002F",[78],"Java Platform, Standard Edition 8 API Specification"," , Oracle, 2014.",[39,208,209,212,214,215,222],{},[42,210],{"id":211},"RuleAA.References-Arnold06",[46,213],{},"\n[Arnold 2006] Ken Arnold, James Gosling, and David Holmes. ",[50,216,217,218,221],{},"The Java ",[50,219,220],{},"™"," Programming Language"," , 4th ed., Addison-Wesley, Boston, 2006.",[39,224,225,228,230,231,238],{},[42,226],{"id":227},"RuleAA.References-Austin00",[46,229],{},"\n[Austin 2000] Calvin Austin and Monica Pawlan, ",[42,232,235],{"href":233,"rel":234},"http:\u002F\u002Fjava.sun.com\u002Fdeveloper\u002FonlineTraining\u002FProgramming\u002FJDCBook\u002Findex.html#contents",[78],[50,236,237],{},"Advanced Programming for the Java 2 Platform"," , Addison-Wesley Longman, Boston, 2000.",[39,240,241,244,246,247,252,253,256],{},[42,242],{"id":243},"RuleAA.References-Black04",[46,245],{},"\n[Black 2004] Paul E. Black and Paul J. Tanenbaum, ",[42,248,251],{"href":249,"rel":250},"http:\u002F\u002Fxlinux.nist.gov\u002Fdads\u002FHTML\u002Fpartialorder.html",[78],"partial order"," , in ",[50,254,255],{},"Dictionary of Algorithms and Data Structures"," [online], Paul E. Black, ed., U.S. National Institute of Standards and Technology, December 17, 2004.",[39,258,259,262,264,265,252,270,272],{},[42,260],{"id":261},"RuleAA.References-Black06",[46,263],{},"\n[Black 2006] Paul E. Black and Paul J. Tanenbaum, ",[42,266,269],{"href":267,"rel":268},"http:\u002F\u002Fxlinux.nist.gov\u002Fdads\u002FHTML\u002Ftotalorder.html",[78],"total order",[50,271,255],{}," [online], Paul E. Black, ed., U.S. National Institute of Standards and Technology. March 30, 2006.",[39,274,275,278,280,281,284],{},[42,276],{"id":277},"RuleAA.References-Bloch01",[46,279],{},"\n[Bloch 2001] Joshua Bloch, ",[50,282,283],{},"Effective Java: Programming Language Guide"," , Addison-Wesley Professional, Boston, 2001.",[39,286,287,290,292,293,296],{},[42,288],{"id":289},"RuleAA.References-Bloch05",[46,291],{},"\n[Bloch 2005a] Joshua Bloch and Neal Gafter, ",[50,294,295],{},"Java™ Puzzlers: Traps, Pitfalls, and Corner Cases"," , Addison-Wesley Professional, Boston, 2005.",[39,298,299,302,304,305,310],{},[42,300],{"id":301},"RuleAA.References-Bloch05b",[46,303],{},"\n[Bloch 2005b] Joshua Bloch and Neal Gafter, ",[42,306,309],{"href":307,"rel":308},"http:\u002F\u002Fgceclub.sun.com.cn\u002Fjava_one_online\u002F2005\u002FTS-3738\u002F",[78],"Yet More Programming Puzzlers"," , JavaOne Conference, 2005.",[39,312,313,316,318,319,324],{},[42,314],{"id":315},"RuleAA.References-Bloch07",[46,317],{},"\n[Bloch 2007] Joshua Bloch, ",[42,320,323],{"href":321,"rel":322},"http:\u002F\u002Fdevelopers.sun.com\u002Flearning\u002Fjavaoneonline\u002F2007\u002Fpdf\u002FTS-2689.pdf",[78],"Effective Java™ Reloaded: This Time It's (Not) for Real"," , JavaOne Conference, 2007.",[39,326,327,330,332,333,336],{},[42,328],{"id":329},"RuleAA.References-Bloch08",[46,331],{},"\n[Bloch 2008] Joshua Bloch, ",[50,334,335],{},"Effective Java™: Programming Language Guide"," , 2nd ed., Addison-Wesley Professional, Boston, 2008.",[39,338,339,342,344,345,350],{},[42,340],{"id":341},"RuleAA.References-Bloch09",[46,343],{},"\n[Bloch 2009] Joshua Bloch and Neal Gafter, ",[42,346,349],{"href":347,"rel":348},"http:\u002F\u002Fdevelopers.sun.com\u002Flearning\u002Fjavaoneonline\u002Fsessions\u002F2009\u002Fpdf\u002FTS-5186.pdf",[78],"Return of the Puzzlers: Schlock and Awe"," , JavaOne Conference, 2009.",[39,352,353,356,358],{},[42,354],{"id":355},"RuleAA.References-Boehm05",[46,357],{},"\n[Boehm 2005] Hans-J. Boehm, Finalization, Threads, and the Java™ Technology-Based Memory Model, JavaOne Conference, 2005.",[39,360,361,364,366,367,374],{},[42,362],{"id":363},"RuleAA.References-Campione96",[46,365],{},"\n[Campione 1996] Mary Campione and Kathy Walrath, ",[42,368,371],{"href":369,"rel":370},"http:\u002F\u002Fwww.telecom.ntua.gr\u002FHTML.Tutorials\u002Findex.html",[78],[50,372,373],{},"The Java Tutorial: Object-Oriented Programming for the Internet"," , Addison-Wesley, Reading, MA, 1996.",[39,376,377,380,382,383,386],{},[42,378],{"id":379},"RuleAA.References-CCITT88",[46,381],{},"\n[CCITT 1988] International Telegraph and Telephone Consultative Committee (CCITT). ",[50,384,385],{},"CCITT Blue Book"," , Recommendation X.509 and IS0 9594-8: The Directory-Authentication Framework, International Telecommunication Union, Geneva, 1988.",[39,388,389,392,394,395,398],{},[42,390],{"id":391},"RuleAA.References-Chan99",[46,393],{},"\n[Chan 1999] Patrick Chan, Rosanna Lee, and Douglas Kramer, ",[50,396,397],{},"The Java Class Libraries: Supplement for the Java 2 Platform"," , Volume 1.2, 2nd ed., Prentice Hall, Upper Saddle River, NJ, 1999.",[39,400,401,404,406,407,410],{},[42,402],{"id":403},"RuleAA.References-Chess07",[46,405],{},"\n[Chess 2007] Brian Chess and Jacob West, ",[50,408,409],{},"Secure Programming with Static Analysis"," , Addison-Wesley Professional, Boston, 2007.",[39,412,413],{},[42,414],{"id":415},"RuleAA.References-Chen14",[39,417,418],{},"[Chen 14] Eric Chen, Yutong Pei, Shuo Chen, Yuan Tian, Robert Kotcher, and Patrick Tague. \"OAuth Demystified for Mobile Application Developers.\", 2014.",[39,420,421,424,426,427,92,432,435],{},[42,422],{"id":423},"RuleAA.References-Chin11",[46,425],{},"\n[Chin 2011] Erika Chin, Adrienne Porter Felt, Kate Greenwood, and David Wagner, ",[42,428,431],{"href":429,"rel":430},"https:\u002F\u002Fpeople.eecs.berkeley.edu\u002F~daw\u002Fpapers\u002Fintents-mobisys11.pdf",[78],"Analyzing Inter-Application Communication in Android",[50,433,434],{},"Proc. MobiSys '11: Proceedings of the 9th International Conference on Mobile Systems, Applications, and Services"," , pp. 239–252, ACM, New York, 2011.",[39,437,438,441,443,444,449],{},[42,439],{"id":440},"RuleAA.References-Christudas05",[46,442],{},"\n[Christudas 2005] ",[42,445,448],{"href":446,"rel":447},"http:\u002F\u002Fwww.onjava.com\u002Fpub\u002Fa\u002Fonjava\u002F2005\u002F01\u002F26\u002Fclassloading.html",[78],"Internals of Java Class Loading"," , ONJava, 2005.",[39,451,452,455,457,458,92,463,466],{},[42,453],{"id":454},"RuleAA.References-Cohen81",[46,456],{},"\n[Cohen 1981] ",[42,459,462],{"href":460,"rel":461},"http:\u002F\u002Fdx.doi.org\u002F10.1109\u002FC-M.1981.220208",[78],"On Holy Wars and a Plea for Peace",[50,464,465],{},"IEEE Computer"," , Volume 14, Issue 10, 1981.",[39,468,469,472,474,475,480],{},[42,470],{"id":471},"RuleAA.References-Conventions09",[46,473],{},"\n[Conventions 2009] ",[42,476,479],{"href":477,"rel":478},"http:\u002F\u002Fjava.sun.com\u002Fdocs\u002Fcodeconv\u002F",[78],"Code Conventions for the Java Programming Language"," , Sun Microsystems, 2009.",[39,482,483,486,488,489,494],{},[42,484],{"id":485},"RuleAA.References-Coomes07",[46,487],{},"\n[Coomes 2007] John Coomes, Peter Kessler, and Tony Printezis, ",[42,490,493],{"href":491,"rel":492},"http:\u002F\u002Fdevelopers.sun.com\u002Flearning\u002Fjavaoneonline\u002F2007\u002Fpdf\u002FTS-2906.pdf",[78],"Garbage Collection-Friendly Programming"," , Java SE Garbage Collection Group, Sun Microsystems, JavaOne Conference, 2007.",[39,496,497,500,502,503,506],{},[42,498],{"id":499},"RuleAA.References-CoreJava04",[46,501],{},"\n[Core Java 2004] Cay S. Horstmann and Gary Cornell, ",[50,504,505],{},"Core Java™ 2, Volume I, Fundamentals"," , 7th ed., Prentice Hall PTR, Boston, 2004.",[39,508,509,512,514],{},[42,510],{"id":511},"RuleAA.References-Coverity07",[46,513],{},"\n[Coverity 2007] Coverity Prevent User's Manual (3.3.0). Coverity, 2007.",[39,516,517,520,522,523,526],{},[42,518],{"id":519},"RuleAA.References-Cunningham95",[46,521],{},"\n[Cunningham 1995] Ward Cunningham, The CHECKS Pattern Language of Information Integrity, in ",[50,524,525],{},"Pattern Languages of Program Design"," , James O. Coplien and Douglas C. Schmidt (eds.), Addison-Wesley Professional, Reading, MA, 1995.",[39,528,529,532,534,535,540],{},[42,530],{"id":531},"RuleAA.References-CVE11",[46,533],{},"\n[CVE 2011] ",[42,536,539],{"href":537,"rel":538},"http:\u002F\u002Fcve.mitre.org",[78],"Common Vulnerabilities and Exposures"," , MITRE Corporation, 2011.",[39,542,543,546,548,549,554],{},[42,544],{"id":545},"RuleAA.References-Daconta00",[46,547],{},"\n[Daconta 2000] Michael C. Daconta, ",[42,550,553],{"href":551,"rel":552},"http:\u002F\u002Fwww.javaworld.com\u002Fjavaworld\u002Fjw-12-2000\u002Fjw-1229-traps.html",[78],"When Runtime.exec() Won't"," , JavaWorld.com, 2000.",[39,556,557,560,562,563,566],{},[42,558],{"id":559},"RuleAA.References-Daconta03",[46,561],{},"\n[Daconta 2003] Michael C. Daconta, Kevin T. Smith, Donald Avondolio, and W. Clay Richardson, ",[50,564,565],{},"More Java Pitfalls"," , Wiley, New York, 2003.",[39,568,569,572,574,575,578],{},[42,570],{"id":571},"RuleAA.References-Darwin04",[46,573],{},"\n[Darwin 2004] Ian F. Darwin, ",[50,576,577],{},"Java Cookbook"," , O'Reilly, Sebastopol, CA, 2004.",[39,580,581,584,586,587,592],{},[42,582],{"id":583},"RuleAA.References-Davis08",[46,585],{},"\n[Davis 2008a] Mark Davis and Ken Whistler, ",[42,588,591],{"href":589,"rel":590},"http:\u002F\u002Funicode.org\u002Freports\u002Ftr15\u002F",[78],"Unicode Standard Annex #15, Unicode Normalization Forms"," , 2008.",[39,594,595,598,600,601,592],{},[42,596],{"id":597},"RuleAA.References-Davis08b",[46,599],{},"\n[Davis 2008b] Mark Davis and Michel Suignard, ",[42,602,605],{"href":603,"rel":604},"http:\u002F\u002Fwww.unicode.org\u002Freports\u002Ftr36\u002F",[78],"Unicode Technical Report #36, Unicode Security Considerations",[39,607,608,611,613,614,92,619,622],{},[42,609],{"id":610},"RuleAA.References-Dennis1966",[46,612],{},"\n[Dennis 1966] Jack B. Dennis and Earl C. Van Horn, ",[42,615,618],{"href":616,"rel":617},"http:\u002F\u002Fdoi.acm.org\u002F10.1145\u002F365230.365252",[78],"Programming Semantics for Multiprogrammed Computations",[50,620,621],{},"Communications of the ACM"," , Volume 9, Issue 3, March 1966, pp. 143–155, DOI=10.1145\u002F365230.365252.",[39,624,625,628,630,631,636],{},[42,626],{"id":627},"RuleAA.References-DHS06",[46,629],{},"\n[DHS 2006] ",[42,632,635],{"href":633,"rel":634},"https:\u002F\u002Fbuildsecurityin.us-cert.gov\u002F",[78],"Build Security In"," , U.S. Department of Homeland Security, 2006.",[39,638,639,642,644,645,650],{},[42,640],{"id":641},"RuleAA.References-Dormann08",[46,643],{},"\n[Dormann 2008] Will Dormann, ",[42,646,649],{"href":647,"rel":648},"http:\u002F\u002Fwww.cert.org\u002Fblogs\u002Fvuls\u002F2008\u002F06\u002Fsigned_java_security_worse_tha.html",[78],"Signed Java Applet Security: Worse than ActiveX?"," , CERT Vulnerability Analysis Blog, 2008.",[39,652,653,656,658,659,664],{},[42,654],{"id":655},"RuleAA.References-Doshi03",[46,657],{},"\n[Doshi 2003] Gunjan Doshi, ",[42,660,663],{"href":661,"rel":662},"http:\u002F\u002Fwww.onjava.com\u002Fpub\u002Fa\u002Fonjava\u002F2003\u002F11\u002F19\u002Fexceptions.html",[78],"Best Practices for Exception Handling"," , ONJava.com, 2003.",[39,666,667,670,672,673,680],{},[42,668],{"id":669},"RuleAA.References-Dougherty2009",[46,671],{},"\n[Dougherty 2009] Chad Dougherty, Kirk Sayre, Robert C. Seacord, David Svoboda, and Kazuya Togashi, ",[42,674,677],{"href":675,"rel":676},"http:\u002F\u002Fwww.sei.cmu.edu\u002Flibrary\u002Fabstracts\u002Freports\u002F09tr010.cfm",[78],[50,678,679],{},"Secure Design Patterns"," , CMU\u002FSEI-2009-TR-010, Defense Technical Information Center, Ft. Belvoir, VA, 2009.",[39,682,683,686,688],{},[42,684],{"id":685},"RuleAA.References-Eclipse08",[46,687],{},"\n[Eclipse 2008] The Eclipse Platform, 2008.",[39,690,691,694,696],{},[42,692],{"id":693},"RuleAA.References-Egele2013",[46,695],{},"\n[Egele 2013] Manuel Egele, David Brumley, Yanick Fratantonio, and Christopher Kruegel. An Empirical Study of Cryptographic Misuse in Android Applications, Proceedings of the 2013 ACM SIGSAC Conference on Computer & Communications Security, pp.73–84, 2013.",[39,698,699,702,703,706,708,709,714],{},[42,700],{"id":701},"RuleAA.References-EMA2011"," ",[42,704],{"id":705},"RuleAA.References-EMA14",[46,707],{},"\n[EMA 2014] ",[42,710,713],{"href":711,"rel":712},"http:\u002F\u002Fdownload.oracle.com\u002Fjavase\u002F6\u002Fdocs\u002Ftechnotes\u002Fguides\u002Fextensions\u002Fspec.html",[78],"Java SE Documentation, Extension Mechanism Architecture"," , Oracle, 1993, 2014.",[39,716,717,720,722,723,726],{},[42,718],{"id":719},"RuleAA.References-Enck09",[46,721],{},"\n[Enck 2009] William Enck, Machigar Ongtang, Patrick Drew McDaniel, and others. Understanding Android Security, ",[50,724,725],{},"IEEE Security & Privacy,"," vol. 7, 1, p. 50–57, 2009.",[39,728,729,732,734,735,206],{},[42,730],{"id":731},"RuleAA.References-Encodings2014",[46,733],{},"\n[Encodings 2014] ",[42,736,739],{"href":737,"rel":738},"http:\u002F\u002Fdocs.oracle.com\u002Fjavase\u002F8\u002Fdocs\u002Ftechnotes\u002Fguides\u002Fintl\u002Fencoding.doc.html",[78],"Supported Encodings",[39,741,742,745,747,748,751],{},[42,743],{"id":744},"RuleAA.References-Enterprise03",[46,746],{},"\n[Enterprise 2003] The O'Reilly Java Authors, ",[50,749,750],{},"Java Enterprise Best Practices"," , O'Reilly, Sebastopol, CA, 2003.",[39,753,754,757,759,760,764],{},[42,755],{"id":756},"RuleAA.References-ESA05",[46,758],{},"\n[ESA 2005] ",[42,761,763],{"href":762},"ftp:\u002F\u002Fftp.estec.esa.nl\u002Fpub\u002Fwm\u002Fanonymous\u002Fwme\u002Fbssc\u002FJava-Coding-Standards-20050303-releaseA.pdf","Java Coding Standards"," , prepared by European Space Agency (ESA) Board for Software Standardisation and Control (BSSC), 2005.",[39,766,767,770,772,773,778,779,782],{},[42,768],{"id":769},"RuleAA.References-Fahl2012",[46,771],{},"\n[Fahl 2012]  Fahl, Sascha, et al. \" ",[42,774,777],{"href":775,"rel":776},"http:\u002F\u002Fwww2.dcsec.uni-hannover.de\u002Ffiles\u002Fandroid\u002Fp50-fahl.pdf",[78],"Why Eve and Mallory love Android: An analysis of Android SSL (in) security"," .\" ",[50,780,781],{},"Proceedings of the 2012 ACM Conference on Computer and Communications Security"," . ACM, 2012.",[39,784,785,788,790,791,798],{},[42,786],{"id":787},"RuleAA.References-Fairbanks07",[46,789],{},"\n[Fairbanks 2007] ",[42,792,795],{"href":793,"rel":794},"http:\u002F\u002Freports-archive.adm.cs.cmu.edu\u002Fanon\u002Fisri2007\u002Fabstracts\u002F07-108.html",[78],[50,796,797],{},"Design Fragments"," , Defense Technical Information Center, Ft. Belvoir, VA, 2007.",[39,800,801,804,806,807,592],{},[42,802],{"id":803},"RuleAA.References-FindBugs08",[46,805],{},"\n[FindBugs 2008] ",[42,808,811],{"href":809,"rel":810},"http:\u002F\u002Ffindbugs.sourceforge.net\u002FbugDescriptions.html",[78],"FindBugs Bug Descriptions",[39,813,814,817,819,820,823],{},[42,815],{"id":816},"RuleAA.References-Fisher03",[46,818],{},"\n[Fisher 2003] Maydene Fisher, Jon Ellis, and Jonathan Bruce, ",[50,821,822],{},"JDBC API Tutorial and Reference"," , 3rd ed., Addison-Wesley, Boston, 2003.",[39,825,826,829,831,832,835],{},[42,827],{"id":828},"RuleAA.References-Flanagan05",[46,830],{},"\n[Flanagan 2005] David Flanagan, ",[50,833,834],{},"Java in a Nutshell"," , 5th ed., O'Reilly, Sebastopol, CA, 2005.",[39,837,838,841,843,844,847],{},[42,839],{"id":840},"RuleAA.References-Forman05",[46,842],{},"\n[Forman 05] Ira R. Forman and Nate Forman, ",[50,845,846],{},"Java Reflection in Action"," , Manning Publications, Greenwich, CT, 2005.",[39,849,850,702,853,856,858,859,864],{},[42,851],{"id":852},"RuleAA.References-Fortify08",[42,854],{"id":855},"RuleAA.References-Fortify14",[46,857],{},"\n[Fortify 2014] ",[42,860,863],{"href":861,"rel":862},"http:\u002F\u002Fwww.fortify.com\u002Fvulncat\u002Fen\u002Fvulncat\u002Findex.html",[78],"A Taxonomy of Coding Errors That Affect Security"," , Java\u002FJSP, Fortify Software, 2014.",[39,866,867,870,872,873,878],{},[42,868],{"id":869},"RuleAA.References-Fox01",[46,871],{},"\n[Fox 2001] Joshua Fox, ",[42,874,877],{"href":875,"rel":876},"http:\u002F\u002Fwww.javaworld.com\u002Fjavaworld\u002Fjw-01-2001\u002Fjw-0112-singleton.html",[78],"When Is a Singleton Not a Singleton?"," , Sun Developer Network, 2001.",[39,880,881,884,886],{},[42,882],{"id":883},"RuleAA.References-Fritz2014",[46,885],{},"\n[Fritz 2014] C. Fritz, S. Arzt, S. Rasthofer, E. Bodden, A. Bartel, J. Klein,Y. le Traon, D. Octeau, and P. McDaniel. FlowDroid: Precise Context, Flow, Field, Object-sensitive and Lifecycle-aware Taint Analysis for Android Apps. In Proc. PLDI, 2014. To appear.",[39,888,889,892,894,895,900],{},[42,890],{"id":891},"RuleAA.References-FT08",[46,893],{},"\n[FT 2008] ",[42,896,899],{"href":897,"rel":898},"http:\u002F\u002Fwww.stylusstudio.com\u002Fapi\u002Fxalan-j_2_6_0\u002Forg\u002Fapache\u002Fxpath\u002Fcompiler\u002FFunctionTable.htm",[78],"Function Table"," Class FunctionTable, Field detail, public static FuncLoader m_functions, 2008.",[39,902,903,906,908,909,914],{},[42,904],{"id":905},"RuleAA.References-Gafter06",[46,907],{},"\n[Gafter 2006] Neal Grafter, ",[42,910,913],{"href":911,"rel":912},"http:\u002F\u002Fgafter.blogspot.com\u002F",[78],"Neal Gafter's blog"," , 2006.",[39,916,917,920,922,923,926],{},[42,918],{"id":919},"RuleAA.References-Gamma95",[46,921],{},"\n[Gamma 1995] Erich Gamma, Richard Helm, Ralph Johnson, and John M. Vlissides, ",[50,924,925],{},"Design Patterns: Elements of Reusable Object-Oriented Software"," , Addison-Wesley Professional, Boston, 1995.",[39,928,929,932,934,935,938],{},[42,930],{"id":931},"RuleAA.References-Garfinkel96",[46,933],{},"\n[Garfinkel 1996] Simson Garfinkel and Gene Spafford, ",[50,936,937],{},"Practical UNIX & Internet Security"," , 2nd ed., O'Reilly, Sebastopol, CA, 1996.",[39,940,941,944,946,947,950],{},[42,942],{"id":943},"RuleAA.References-Garms01",[46,945],{},"\n[Garms 2001] Jess Garms and Daniel Somerfield, ",[50,948,949],{},"Professional Java Security"," , Wrox Press, Chicago, 2001.",[39,952,953,956,958,959,964],{},[42,954],{"id":955},"RuleAA.References-GNU13",[46,957],{},"\n[GNU 2013] GNU Coding Standards, Section 5.3, \" ",[42,960,963],{"href":961,"rel":962},"http:\u002F\u002Fwww.gnu.org\u002Fprep\u002Fstandards\u002Fstandards.html#Syntactic-Conventions",[78],"Clean Use of C Constructs"," ,\" Richard Stallman and other GNU Project volunteers, 2013",[39,966,967,970,972,973,978],{},[42,968],{"id":969},"RuleAA.References-Goetz02",[46,971],{},"\n[Goetz 2002] Brian Goetz, ",[42,974,977],{"href":975,"rel":976},"http:\u002F\u002Fwww.ibm.com\u002Fdeveloperworks\u002Fjava\u002Flibrary\u002Fj-jtp0618.html",[78],"Java Theory and Practice: Don't Let the \"this\" Reference Escape during Construction"," , IBM developerWorks (Java technology), 2002.",[39,980,981,984,986,987,992],{},[42,982],{"id":983},"RuleAA.References-Goetz04",[46,985],{},"\n[Goetz 2004a] Brian Goetz, ",[42,988,991],{"href":989,"rel":990},"http:\u002F\u002Fwww.ibm.com\u002Fdeveloperworks\u002Fjava\u002Flibrary\u002Fj-jtp01274.html",[78],"Java Theory and Practice: Garbage Collection and Performance"," , IBM developerWorks (Java technology), 2004.",[39,994,995,998,1000,1001,992],{},[42,996],{"id":997},"RuleAA.References-Goetz04b",[46,999],{},"\n[Goetz 2004b] Brian Goetz, ",[42,1002,1005],{"href":1003,"rel":1004},"http:\u002F\u002Fwww.ibm.com\u002Fdeveloperworks\u002Flibrary\u002Fj-jtp05254.html",[78],"Java Theory and Practice: The Exceptions Debate: To Check, or Not to Check?",[39,1007,1008,1011,1013,1014,992],{},[42,1009],{"id":1010},"RuleAA.References-Goetz04c",[46,1012],{},"\n[Goetz 2004c] Brian Goetz, ",[42,1015,1018],{"href":1016,"rel":1017},"http:\u002F\u002Fwww.ibm.com\u002Fdeveloperworks\u002Fjava\u002Flibrary\u002Fj-jtp11234\u002F",[78],"Java Theory and Practice: Going Atomic",[39,1020,1021,1024,1026,1027,1032],{},[42,1022],{"id":1023},"RuleAA.References-Goetz05",[46,1025],{},"\n[Goetz 2005a] Brian Goetz, ",[42,1028,1031],{"href":1029,"rel":1030},"http:\u002F\u002Fwww.ibm.com\u002Fdeveloperworks\u002Fjava\u002Flibrary\u002Fj-jtp07265\u002Findex.html",[78],"Java Theory and Practice: Be a Good (Event) Listener, Guidelines for Writing and Supporting Event Listeners"," , IBM developerWorks (Java technology), 2005.",[39,1034,1035,1038,1040,1041,1044],{},[42,1036],{"id":1037},"RuleAA.References-Goetz06",[46,1039],{},"\n[Goetz 2006a] Brian Goetz, Tim Peierls, Joshua Bloch, Joseph Bowbeer, David Holmes, and Doug Lea, ",[50,1042,1043],{},"Java Concurrency in Practice"," , Addison-Wesley Professional, Boston, 2006.",[39,1046,1047,1050,1052,1053,1058],{},[42,1048],{"id":1049},"RuleAA.References-Goetz06b",[46,1051],{},"\n[Goetz 2006b] Brian Goetz, ",[42,1054,1057],{"href":1055,"rel":1056},"http:\u002F\u002Fwww.ibm.com\u002Fdeveloperworks\u002Fjava\u002Flibrary\u002Fj-jtp03216.html",[78],"Java Theory and Practice: Good Housekeeping Practices"," , IBM developerWorks (Java technology), 2006.",[39,1060,1061,1064,1066,1067,1058],{},[42,1062],{"id":1063},"RuleAA.References-Goetz07",[46,1065],{},"\n[Goetz 2007] Brian Goetz, ",[42,1068,1071],{"href":1069,"rel":1070},"http:\u002F\u002Fwww.ibm.com\u002Fdeveloperworks\u002Fjava\u002Flibrary\u002Fj-jtp06197.html",[78],"Java Theory and Practice: Managing Volatility, Guidelines for Using Volatile Variables",[39,1073,1074,1077,1079,1080,1085],{},[42,1075],{"id":1076},"RuleAA.References-Goldberg91",[46,1078],{},"\n[Goldberg 1991] David Goldberg, ",[42,1081,1084],{"href":1082,"rel":1083},"http:\u002F\u002Fdocs.sun.com\u002Fsource\u002F806-3568\u002Fncg_goldberg.html",[78],"What Every Computer Scientist Should Know about Floating-Point Arithmetic"," , Sun Microsystems, March 1991.",[39,1087,1088,1091,1093,1094,1097],{},[42,1089],{"id":1090},"RuleAA.References-Gong03",[46,1092],{},"\n[Gong 2003] Li Gong, Gary Ellison, and Mary Dageforde, ",[50,1095,1096],{},"Inside Java 2 Platform Security: Architecture, API Design, and Implementation"," , 2nd ed., Prentice Hall, Boston, 2003.",[39,1099,1100,1103,1105,1106,1109],{},[42,1101],{"id":1102},"RuleAA.References-Goodliffe07",[46,1104],{},"\n[Goodliffe 2014] Pete Goodliffe, ",[50,1107,1108],{},"Code Craft: The Practice of Writing Excellent Code"," , No Starch Press, San Francisco, 2007",[39,1111,1112,1115,1117,1118,1121],{},[42,1113],{"id":1114},"RuleAA.References-Grand02",[46,1116],{},"\n[Grand 2002] Mark Grand, ",[50,1119,1120],{},"Patterns in Java"," , Volume 1, 2nd ed., Wiley, New York, 2002.",[39,1123,1124,1127,1129],{},[42,1125],{"id":1126},"RuleAA.References-Gray1985",[46,1128],{},"\n[Gray 1985] Jim Gray,  Tandem TR 85.7 WHY DO COMPUTERS STOP AND WHAT CAN BE DONE ABOUT IT?, 1985.",[39,1131,1132,1135,1137,1138,1143],{},[42,1133],{"id":1134},"RuleAA.References-Greanier00",[46,1136],{},"\n[Greanier 2000] Todd Greanier, ",[42,1139,1142],{"href":1140,"rel":1141},"http:\u002F\u002Fjava.sun.com\u002Fdeveloper\u002FtechnicalArticles\u002FProgramming\u002Fserialization\u002F",[78],"Discover the Secrets of the Java Serialization API"," , Sun Developer Network (SDN), 2000.",[39,1145,1146,1149,1151,1152,592],{},[42,1147],{"id":1148},"RuleAA.References-Green08",[46,1150],{},"\n[Green 2008] Roedy Green, ",[42,1153,1156],{"href":1154,"rel":1155},"http:\u002F\u002Fmindprod.com\u002Fjgloss\u002Fjgloss.html",[78],"Canadian Mind Products Java & Internet Glossary",[39,1158,1159,1162,1164,1165,914],{},[42,1160],{"id":1161},"RuleAA.References-Grigg06",[46,1163],{},"\n[Grigg 2006] Jeffery Grigg, ",[42,1166,1169],{"href":1167,"rel":1168},"http:\u002F\u002Fwww.c2.com\u002Fcgi\u002Fwiki?ReflectionOnInnerClasses",[78],"Reflection On Inner Classes",[39,1171,1172,1175,1177,1178,1183],{},[42,1173],{"id":1174},"RuleAA.References-Grosso01",[46,1176],{},"\n[Grosso 2001] William Grosso, ",[42,1179,1182],{"href":1180,"rel":1181},"http:\u002F\u002Foreilly.com\u002Fcatalog\u002Fjavarmi\u002Fchapter\u002Fch10.html",[78],"Java RMI"," , O'Reilly, Sebastopol, CA, 2001.",[39,1185,1186,1189,1191,1192,1195],{},[42,1187],{"id":1188},"RuleAA.References-Grubb03",[46,1190],{},"\n[Grubb 2003] Penny Grubb and Armstrong A. Takang, ",[50,1193,1194],{},"Software Maintenance: Concepts and Practice"," , 2nd ed., World Scientific, River Edge, NJ, 2003.",[39,1197,1198,1201,1203,1204,1209],{},[42,1199],{"id":1200},"RuleAA.References-Guillardoy12",[46,1202],{},"\n[Guillardoy 2012] Esteban Guillardoy, ",[42,1205,1208],{"href":1206,"rel":1207},"http:\u002F\u002Fimmunityproducts.blogspot.com.ar\u002F2012\u002F08\u002Fjava-0day-analysis-cve-2012-4681.html",[78],"Java 0Day Analysis"," (CVE-2012-4681), 2012.",[39,1211,1212,1215,1217,1218,1223],{},[42,1213],{"id":1214},"RuleAA.References-Gupta05",[46,1216],{},"\n[Gupta 2005] Satish Chandra Gupta and Rajeev Palanki, ",[42,1219,1222],{"href":1220,"rel":1221},"http:\u002F\u002Fwww.ibm.com\u002Fdeveloperworks\u002Frational\u002Flibrary\u002F05\u002F0816_GuptaPalanki\u002F",[78],"Java Memory Leaks - Catch Me If You Can"," , 2005.",[39,1225,1226,1229,1231,1232,914],{},[42,1227],{"id":1228},"RuleAA.References-Haack06",[46,1230],{},"\n[Haack 2006] Christian Haack, Erik Poll, Jan Schafer and Aleksy Schubert, ",[42,1233,1236],{"href":1234,"rel":1235},"https:\u002F\u002Fpms.cs.ru.nl\u002Firis-diglib\u002Fsrc\u002FgetContent.php?id=2006-Haack-ObjectsImmutable",[78],"Immutable Objects in Java",[39,1238,1239,1242,1244,1245,1248],{},[42,1240],{"id":1241},"RuleAA.References-Haggar00",[46,1243],{},"\n[Haggar 2000] Peter Haggar, ",[50,1246,1247],{},"Practical Java™ Programming Language Guide"," , Addison-Wesley Professional, Boston, 2000.",[39,1250,1251,1254,1256,1257,1262],{},[42,1252],{"id":1253},"RuleAA.References-Halloway00",[46,1255],{},"\n[Halloway 2000] Stuart Halloway, ",[42,1258,1261],{"href":1259,"rel":1260},"http:\u002F\u002Fjava.sun.com\u002Fdeveloper\u002FTechTips\u002F2000\u002Ftt0328.html",[78],"Java Developer Connection Tech Tips"," , March 28, 2000.",[39,1264,1265,1268,1270,1271,1275],{},[42,1266],{"id":1267},"RuleAA.References-Halloway01",[46,1269],{},"\n[Halloway 2001] Stuart Halloway, ",[42,1272,1261],{"href":1273,"rel":1274},"http:\u002F\u002Fjava.sun.com\u002Fdeveloper\u002FJDCTechTips\u002F2001\u002Ftt0130.html",[78]," , January 30, 2001.",[39,1277,1278,1281,1283,1284,1287],{},[42,1279],{"id":1280},"RuleAA.References-Harold97",[46,1282],{},"\n[Harold 1997] Elliotte Rusty Harold, ",[50,1285,1286],{},"Java Secrets"," , Wiley, New York, 1997.",[39,1289,1290,1293,1295,1296,1299],{},[42,1291],{"id":1292},"RuleAA.References-Harold99",[46,1294],{},"\n[Harold 1999] Elliotte Rusty Harold, ",[50,1297,1298],{},"Java I\u002FO"," , O'Reilly, Sebastopol, CA, 1999.",[39,1301,1302,1305,1307,1308,1310],{},[42,1303],{"id":1304},"RuleAA.References-Harold06",[46,1306],{},"\n[Harold 2006] Elliotte Rusty Harold, ",[50,1309,1298],{}," , 2nd ed., O'Reilly, Sebastopol, CA, 2006.",[39,1312,1313,1316,1318,1319,1322],{},[42,1314],{"id":1315},"RuleAA.References-Hatton1995",[46,1317],{},"\n[Hatton 1995] Les Hatton, ",[50,1320,1321],{},"Safer C: Developing Software for High-Integrity and Safety-Critical Systems"," , McGraw-Hill, New York, 1995.",[39,1324,1325,1328,1330,1331,1336],{},[42,1326],{"id":1327},"RuleAA.References-Hawtin08",[46,1329],{},"\n[Hawtin 2008] Thomas Hawtin, ",[42,1332,1335],{"href":1333,"rel":1334},"http:\u002F\u002Fwww.makeitfly.co.uk\u002FPresentations\u002Flondon-securecoding.pdf",[78],"Secure Coding Antipatterns: Preventing Attacks and Avoiding Vulnerabilities"," , Sun Microsystems, Make it Fly 2008, London, 2008.",[39,1338,1339,1342,1344,1345,1350],{},[42,1340],{"id":1341},"RuleAA.References-Havelund09",[46,1343],{},"\n[Havelund 2009] Klaus Havelund and Al Niessner, ",[42,1346,1349],{"href":1347,"rel":1348},"http:\u002F\u002Flars-lab.jpl.nasa.gov\u002FJPL_Coding_Standard_Java.pdf",[78],"JPL Coding Standard"," , version 1.1, California Institute of Technology, 2009.",[39,1352,1353,1356,1358,1359,1362],{},[42,1354],{"id":1355},"RuleAA.References-Heffley2004",[46,1357],{},"\n[Heffley 2004] J. Heffley and P. Meunier, Can Source Code Auditing Software Identify Common Vulnerabilities and Be Used to Evaluate Software Security? ",[50,1360,1361],{},"Proceedings of the 37th Annual Hawaii International Conference on System Sciences (HICSS–04)"," , Track 9, Volume 9, IEEE Computer Society, January 2004.",[39,1364,1365,1368,1370,1371,1376],{},[42,1366],{"id":1367},"RuleAA.References-Henney03",[46,1369],{},"\n[Henney 2003] Kevlin Henney, ",[42,1372,1375],{"href":1373,"rel":1374},"http:\u002F\u002Fwww.two-sdg.demon.co.uk\u002Fcurbralan\u002Fpapers\u002Feuroplop\u002FNullObject.pdf",[78],"Null Object, Something for Nothing"," , 2003.",[39,1378,1379,1382,1384,1385,1390],{},[42,1380],{"id":1381},"RuleAA.References-HP15",[46,1383],{},"\n[Hewlett-Packard 2015] Hewlett-Packard Development Company, ",[42,1386,1389],{"href":1387,"rel":1388},"http:\u002F\u002Fwww.hpenterprisesecurity.com\u002Fvulncat\u002Fen\u002Fvulncat\u002Fjava\u002Fj2ee_badpractices_leftover_debug_code.html",[78],"J2EE Bad Practices: Leftover Debug Code"," [generated from version 2015.1.0.0009 of the Fortify Secure Coding Rulepacks], 2015.",[39,1392,1393,1396,1398,1399,1404],{},[42,1394],{"id":1395},"RuleAA.References-Hirondelle13",[46,1397],{},"\n[Hirondelle 2013] ",[42,1400,1403],{"href":1401,"rel":1402},"http:\u002F\u002Fwww.javapractices.com\u002Ftopic\u002FTopicAction.do?Id=206",[78],"Passwords Never Clear in Text"," , Hirondelle Systems, 2013.",[39,1406,1407,1410,1412],{},[42,1408],{"id":1409},"RuleAA.References-Hitchens02",[46,1411],{},"\n[Hitchens 2002] Ron Hitchens, Java™ NIO, O'Reilly, Sebastopol, CA, 2002.",[39,1414,1415,1418,1420,1421,1424],{},[42,1416],{"id":1417},"RuleAA.References-Hovemeyer07",[46,1419],{},"\n[Hovemeyer 2007] David Hovemeyer and William Pugh, Finding More Null Pointer Bugs, But Not Too Many, ",[50,1422,1423],{},"Proceedings of the 7th ACM SIGPLAN-SIGSOFT workshop on Program Analysis for Software Tools and Engineering"," , 2007.",[39,1426,1427,1430,1432,1433,1440],{},[42,1428],{"id":1429},"RuleAA.References-Howard02",[46,1431],{},"\n[Howard 2002] Michael Howard and David C. LeBlanc, ",[42,1434,1437],{"href":1435,"rel":1436},"http:\u002F\u002Fwww.microsoft.com\u002Fmspress\u002Fbooks\u002F5957.aspx",[78],[50,1438,1439],{},"Writing Secure Code"," , 2nd ed., Microsoft Press, Redmond, WA, 2002.",[39,1442,1443,1446,1448,1449,1454],{},[42,1444],{"id":1445},"RuleAA.References-Hughes11",[46,1447],{},"\n[Hughes 2011] Elliott Hughes, ",[42,1450,1453],{"href":1451,"rel":1452},"http:\u002F\u002Fandroid-developers.blogspot.com\u002F2011\u002F11\u002Fjni-local-reference-changes-in-ics.html",[78],"JNI Local Reference Changes in ICS"," , November 2011.",[39,1456,1457,1460,1462,1463,1466],{},[42,1458],{"id":1459},"RuleAA.References-Hunt98",[46,1461],{},"\n[Hunt 1998] J. Hunt and F. Long, Java's Reliability: An Analysis of Software Defects in Java, ",[50,1464,1465],{},"Software IEEE Proceedings"," , 1998.",[39,1468,1469,1472,1474,1475,1478],{},[42,1470],{"id":1471},"RuleAA.References-IEC608122006",[46,1473],{},"\n[IEC 60812 2006] ",[50,1476,1477],{},"Analysis Techniques for System Reliability — Procedure for Failure Mode and Effects Analysis (FMEA)"," , 2nd ed., International Electrotechnical Commission, Geneva, Switzerland, 2006.",[39,1480,1481,1484,1486,1487,1492],{},[42,1482],{"id":1483},"RuleAA.References-IEEE7542006",[46,1485],{},"\n[IEEE 754 2006] IEEE, ",[42,1488,1491],{"href":1489,"rel":1490},"http:\u002F\u002Fgrouper.ieee.org\u002Fgroups\u002F754\u002F",[78],"Standard for Binary Floating-Point Arithmetic"," (IEEE 754-1985), 2006.",[39,1494,1495],{},[42,1496],{"id":1497},"RuleAA.References-IETFOAuth1.0a",[39,1499,1500,1501,1505],{},"[IETF OAuth1.0a] Internet Engineering Task Force (IETF). OAuth core 1.0 revision a. ",[42,1502,1503],{"href":1503,"rel":1504},"http:\u002F\u002Foauth.net\u002Fcore\u002F1.0a\u002F",[78]," .",[39,1507,1508],{},[42,1509],{"id":1510},"RuleAA.References-IETFOAuth2.0",[39,1512,1513,1514,1505],{},"[IETF OAuth2.0] Internet Engineering Task Force (IETF). The OAuth 2.0 authorization framework. ",[42,1515,1516],{"href":1516,"rel":1517},"http:\u002F\u002Ftools.ietf.org\u002Fhtml\u002Frfc6749",[78],[39,1519,1520],{},[42,1521],{"id":1522},"RuleAA.References-Intrepidus2012",[39,1524,1525,1526,1531],{},"[Intrepidus 2012] Intrepidus Group (Mobile Security), ",[42,1527,1530],{"href":1528,"rel":1529},"https:\u002F\u002Fintrepidusgroup.com\u002Finsight\u002F2012\u002F05\u002Fndk-file-permissions-gotcha-and-fix\u002F",[78],"NDK File Permissions Gotcha and Fix"," , 2012.",[39,1533,1534,702,1537,1540,1542,1543,1546],{},[42,1535],{"id":1536},"RuleAA.References-ISO\u002FIEC11889-1-2009",[42,1538],{"id":1539},"RuleAA.References-ISO-IEC11889-1-2009",[46,1541],{},"\n[ISO\u002FIEC 11889-1:2009] ISO\u002FIEC. ",[50,1544,1545],{},"Information Technology—Trusted Platform Module—Part 1: Overview"," (ISO\u002FIEC 11889-1:2009). Geneva, Switzerland: ISO, 2009.",[39,1548,1549,1552,1554,1555,1558,1559,1558,1562,1565],{},[42,1550],{"id":1551},"RuleAA.References-ISO\u002FIECTR24772-2010",[46,1553],{},"\n[ISO\u002FIEC TR 24772:2010] ISO\u002FIEC TR 24772. ",[50,1556,1557],{},"Information Technology"," — ",[50,1560,1561],{},"Programming Languages",[50,1563,1564],{},"Guidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use"," , October 2010.",[39,1567,1568,1571,1573,1574,1577],{},[42,1569],{"id":1570},"RuleAA.References-ISO\u002FIECTR24772-2013",[46,1572],{},"\n[ISO\u002FIEC TR 24772:2013] ISO\u002FIEC TR 24772:2013. ",[50,1575,1576],{},"Information Technology—Programming Languages—Guidance to Avoiding Vulnerabilities in Programming Languages through Language Selection and Use"," . Geneva, Switzerland: International Organization for Standardization, March 2013.",[39,1579,1580,1583,1585,1586,1591],{},[42,1581],{"id":1582},"RuleAA.References-J2SE00",[46,1584],{},"\n[J2SE 2000] Java™ 2 SDK, Standard Edition Documentation, Sun Microsystems, ",[42,1587,1590],{"href":1588,"rel":1589},"http:\u002F\u002Fjava.sun.com\u002Fj2se\u002F1.3\u002Fdocs\u002Fguide\u002F",[78],"J2SE Documentation version 1.3"," , Sun Microsystems, 2000.",[39,1593,1594,1597,1599,1600,1605],{},[42,1595],{"id":1596},"RuleAA.References-J2SE11",[46,1598],{},"\n[J2SE 2011] Java™ SE 7 Documentation, ",[42,1601,1604],{"href":1602,"rel":1603},"http:\u002F\u002Fdownload.java.net\u002Fjdk7\u002Fdocs\u002F",[78],"J2SE Documentation version 1.7"," , Oracle Corporation, 2011.",[39,1607,1608,1611,1613,1614,1591],{},[42,1609],{"id":1610},"RuleAA.References-JarSpec08",[46,1612],{},"\n[JarSpec 2008] J2SE Documentation version 1.5, ",[42,1615,1618],{"href":1616,"rel":1617},"http:\u002F\u002Fjava.sun.com\u002Fj2se\u002F1.5.0\u002Fdocs\u002Fguide\u002Fjar\u002Fjar.html",[78],"Jar File Specification",[39,1620,1621,1624,1626,1627,1632],{},[42,1622],{"id":1623},"RuleAA.References-Java06",[46,1625],{},"\n[Java 2006] ",[42,1628,1631],{"href":1629,"rel":1630},"http:\u002F\u002Fjava.sun.com\u002Fjavase\u002F6\u002Fdocs\u002Ftechnotes\u002Ftools\u002Fwindows\u002Fjava.html",[78],"Java - The Java Application Launcher"," , Sun Microsystems, 2006.",[39,1634,1635,1638,1640,1641,1644],{},[42,1636],{"id":1637},"RuleAA.References-Java2NS99",[46,1639],{},"\n[Java2NS 1999] Marco Pistoia, Duane F. Reller, Deepak Gupta, Milind Nagnur, and Ashok K. Ramani, ",[50,1642,1643],{},"Java 2 Network Security"," , Prentice Hall, Upper Saddle River, NJ, 1999.",[39,1646,1647,1650,1652,1653,1658],{},[42,1648],{"id":1649},"RuleAA.References-JavaGenerics04",[46,1651],{},"\n[JavaGenerics 2004] Oracle, ",[42,1654,1657],{"href":1655,"rel":1656},"http:\u002F\u002Fjava.sun.com\u002Fj2se\u002F1.5.0\u002Fdocs\u002Fguide\u002Flanguage\u002Fgenerics.html",[78],"Generics"," , Sun Microsystems, 2004.",[39,1660,1661,1664,1666,1667,1670],{},[42,1662],{"id":1663},"RuleAA.References-JavaThreads99",[46,1665],{},"\n[JavaThreads 1999] Scott Oaks and Henry Wong, ",[50,1668,1669],{},"Java Threads"," , 2nd ed., O'Reilly, Sebastopol, CA, 1999.",[39,1672,1673,1676,1678,1679,1681],{},[42,1674],{"id":1675},"RuleAA.References-JavaThreads04",[46,1677],{},"\n[JavaThreads 2004] Scott Oaks and Henry Wong, ",[50,1680,1669],{}," , 3rd ed., O'Reilly, Sebastopol, CA, 2004.",[39,1683,1684,702,1687,702,1690,1693,1695,1696,1701],{},[42,1685],{"id":1686},"RuleAA.References-Tutorials08",[42,1688],{"id":1689},"RuleAA.References-JavaTutorials",[42,1691],{"id":1692},"RuleAA.References-Tutorials15",[46,1694],{},"\n[Java Tutorials] ",[42,1697,1700],{"href":1698,"rel":1699},"http:\u002F\u002Fjava.sun.com\u002Fdocs\u002Fbooks\u002Ftutorial\u002Findex.html",[78],"The Java Tutorials"," , Sun Microsystems, 1995, 2015.",[39,1703,1704,1707,1709,1710,206],{},[42,1705],{"id":1706},"RuleAA.References-JCF14",[46,1708],{},"\n[JCF 2014] ",[42,1711,1714],{"href":1712,"rel":1713},"http:\u002F\u002Fdocs.oracle.com\u002Fjavase\u002F8\u002Fdocs\u002Ftechnotes\u002Fguides\u002Fcollections\u002F",[78],"The Java Collections Framework",[39,1716,1717,1720,1722,1723,1728],{},[42,1718],{"id":1719},"RuleAA.References-JDKBug15",[46,1721],{},"\n[JDK Bug 2015] ",[42,1724,1727],{"href":1725,"rel":1726},"https:\u002F\u002Fbugs.openjdk.java.net\u002Fsecure\u002FDashboard.jspa",[78],"JDK Bug System"," , Oracle, 2015.",[39,1730,1731,1734,1736,1737,1741],{},[42,1732],{"id":1733},"RuleAA.References-JDK708",[46,1735],{},"\n[JDK7 2008] ",[42,1738,1740],{"href":1602,"rel":1739},[78],"Java™ Platform, Standard Edition 7 documentation"," , Sun Microsystems, December 2008.",[39,1743,1744,1747,1749,1750,1757],{},[42,1745],{"id":1746},"RuleAA.References-JLS05",[46,1748],{},"\n[JLS 2005] James Gosling, Bill Joy, Guy Steele, and Gilad Bracha, ",[42,1751,1754],{"href":1752,"rel":1753},"http:\u002F\u002Fdocs.oracle.com\u002Fjavase\u002Fspecs\u002Fjls\u002Fse7\u002Fhtml\u002Findex.html",[78],[50,1755,1756],{},"The Java Language Specification"," , 3rd ed., Prentice Hall, Upper Saddle River, NJ, 2005.",[39,1759,1760,702,1763,702,1766,1769,1771,1772,1779],{},[42,1761],{"id":1762},"RuleAA.References-JLS14",[42,1764],{"id":1765},"RuleAA.References-JLS15",[42,1767],{"id":1768},"RuleAA.References-JLS2015",[46,1770],{},"\n[JLS 2015] James Gosling, Bill Joy, Guy Steele, Gilad Bracha, and Alex Buckley, ",[42,1773,1776],{"href":1774,"rel":1775},"http:\u002F\u002Fdocs.oracle.com\u002Fjavase\u002Fspecs\u002Fjls\u002Fse8\u002Fhtml\u002Findex.html",[78],[50,1777,1778],{},"The Java® Language Specification"," , Java SE 8 Edition, 2015.",[39,1781,1782,1785,1787,1788,1632],{},[42,1783],{"id":1784},"RuleAA.References-JMX06",[46,1786],{},"\n[JMX 2006] ",[42,1789,1792],{"href":1790,"rel":1791},"http:\u002F\u002Fjava.sun.com\u002Fjavase\u002F6\u002Fdocs\u002Ftechnotes\u002Fguides\u002Fmanagement\u002Findex.html",[78],"Monitoring and Management for the Java Platform",[39,1794,1795,1798,1800,1801,1632],{},[42,1796],{"id":1797},"RuleAA.References-JMXG06",[46,1799],{},"\n[JMXG 2006] ",[42,1802,1805],{"href":1803,"rel":1804},"http:\u002F\u002Fjava.sun.com\u002Fjavase\u002F6\u002Fdocs\u002Ftechnotes\u002Fguides\u002Fmanagement\u002Ftoc.html",[78],"Java SE Monitoring and Management Guide",[39,1807,1808,1811,1813,1814,1632],{},[42,1809],{"id":1810},"RuleAA.References-JNI06",[46,1812],{},"\n[JNI 2006] ",[42,1815,1818],{"href":1816,"rel":1817},"http:\u002F\u002Fjava.sun.com\u002Fjavase\u002F6\u002Fdocs\u002Ftechnotes\u002Fguides\u002Fjni\u002Findex.html",[78],"Java Native Interface",[39,1820,1821,1824,1826,1827,206],{},[42,1822],{"id":1823},"RuleAA.References-JNISpec14",[46,1825],{},"\n[JNISpec 2014] ",[42,1828,1831],{"href":1829,"rel":1830},"http:\u002F\u002Fdocs.oracle.com\u002Fjavase\u002F7\u002Fdocs\u002Ftechnotes\u002Fguides\u002Fjni\u002Fspec\u002FjniTOC.html",[78],"Java Native Interface Specification",[39,1833,1834,1837,1839,1840,111],{},[42,1835],{"id":1836},"RuleAA.References-JNItips",[46,1838],{},"\n[JNI Tips] ",[42,1841,1844],{"href":1842,"rel":1843},"http:\u002F\u002Fdeveloper.android.com\u002Ftraining\u002Farticles\u002Fperf-jni.html",[78],"Java Tips",[39,1846,1847,1850,1852,1853,92,1858,1861],{},[42,1848],{"id":1849},"RuleAA.References-Jovanovic06",[46,1851],{},"\n[Jovanovic 2006] Nenad Jovanovic, Christopher Kruegel, and Engin Kirda, ",[42,1854,1857],{"href":1855,"rel":1856},"http:\u002F\u002Fdx.doi.org\u002F10.1109\u002FSP.2006.29",[78],"Pixy: A Static Analysis Tool for Detecting Web Application Vulnerabilities (Short Paper)",[50,1859,1860],{},"Proceedings of the 2006 IEEE Symposium on Security and Privacy (S&P'06)"," , pp. 258–263, May 21–24, 2006.",[39,1863,1864,1867,1869,1870,1658],{},[42,1865],{"id":1866},"RuleAA.References-JPDA04",[46,1868],{},"\n[JPDA 2004] ",[42,1871,1874],{"href":1872,"rel":1873},"http:\u002F\u002Fjava.sun.com\u002Fjavase\u002F6\u002Fdocs\u002Ftechnotes\u002Fguides\u002Fjpda\u002Findex.html",[78],"Java Platform Debugger Architecture (JPDA)",[39,1876,1877,1880,1882,1883,1886],{},[42,1878],{"id":1879},"RuleAA.References-JPL06",[46,1881],{},"\n[JPL 2006] Ken Arnold, James Gosling, and David Holmes, ",[50,1884,1885],{},"The Java™ Programming Language"," , 4th ed., Addison-Wesley Professional, Boston, 2006.",[39,1888,1889,1892,1894,1895,1900],{},[42,1890],{"id":1891},"RuleAA.References-JSR-13304",[46,1893],{},"\n[JSR-133 2004] ",[42,1896,1899],{"href":1897,"rel":1898},"http:\u002F\u002Fwww.cs.umd.edu\u002F%7Epugh\u002Fjava\u002FmemoryModel\u002Fjsr133.pdf",[78],"JSR-133: Java™ Memory Model and Thread Specification"," , 2004.",[39,1902,1903,1906,1908,1909,1914],{},[42,1904],{"id":1905},"RuleAA.References-JSSEC13",[46,1907],{},"\n[JSSEC 2013] ",[42,1910,1913],{"href":1911,"rel":1912},"http:\u002F\u002Fwww.jssec.org\u002Fdl\u002Fandroid_securecoding.pdf",[78],"Android Secure Design and Coding Guidebook"," , (in Japanese),Japan Smartphone Security Association, 2013.",[39,1916,1917,1920,1922,1923,1928],{},[42,1918],{"id":1919},"RuleAA.References-JSSEC14",[46,1921],{},"\n[JSSEC 2014] ",[42,1924,1927],{"href":1925,"rel":1926},"http:\u002F\u002Fwww.jssec.org\u002Fdl\u002Fandroid_securecoding_en.pdf",[78],"Android Application Secure Design \u002F Secure Coding Guidebook"," , Japan Smartphone Security Association, 2014.",[39,1930,1931,1934,1936,1937,1632],{},[42,1932],{"id":1933},"RuleAA.References-JVMTI06",[46,1935],{},"\n[JVMTI 2006] ",[42,1938,1941],{"href":1939,"rel":1940},"http:\u002F\u002Fjava.sun.com\u002Fjavase\u002F6\u002Fdocs\u002Ftechnotes\u002Fguides\u002Fjvmti\u002Findex.html",[78],"Java Virtual Machine Tool Interface (JVM TI)",[39,1943,1944,1947,1949,1950,1955],{},[42,1945],{"id":1946},"RuleAA.References-JVMSpec99",[46,1948],{},"\n[JVMSpec 1999] ",[42,1951,1954],{"href":1952,"rel":1953},"http:\u002F\u002Fjava.sun.com\u002Fdocs\u002Fbooks\u002Fjvms\u002F",[78],"The Java Virtual Machine Specification"," , Sun Microsystems, 1999.",[39,1957,1958,1961,1963,1964,1969],{},[42,1959],{"id":1960},"RuleAA.References-Kabanov09",[46,1962],{},"\n[Kabanov 2009] Jevgeni Kabanov, ",[42,1965,1968],{"href":1966,"rel":1967},"http:\u002F\u002Fdow.ngra.de\u002F2009\u002F02\u002F16\u002Fthe-ultimate-java-puzzler\u002F",[78],"The Ultimate Java Puzzler"," , February 16th, 2009.",[39,1971,1972,1975,1977,1978,1981],{},[42,1973],{"id":1974},"RuleAA.References-Kabutz01",[46,1976],{},"\n[Kabutz 2001] Heinz M. Kabutz, ",[50,1979,1980],{},"The Java Specialists' Newsletter"," , 2001.",[39,1983,1984,1987,1989,1990,1993],{},[42,1985],{"id":1986},"RuleAA.References-Kalinovsky04",[46,1988],{},"\n[Kalinovsky 2004] Alex Kalinovsky, ",[50,1991,1992],{},"Covert Java: Techniques for Decompiling, Patching, and Reverse Engineering"," , SAMS Publishing, Boston, 2004.",[39,1995,1996],{},[42,1997],{"id":1998},"RuleAA.References-Klieber2014",[39,2000,2001,2002,2005],{},"[Klieber 2014] William Klieber, Lori Flynn, Amar Bhosale, Limin Jia, and Lujo Bauer. ",[50,2003,2004],{},"Android Taint Flow Analysis for App Sets"," , ACM SIGPLAN International Workshop on the State Of the Art in Java Program Analysis, 2014.",[39,2007,2008,2011,2013,2014,284],{},[42,2009],{"id":2010},"RuleAA.References-Knoernschild01",[46,2012],{},"\n[Knoernschild 2001] Kirk Knoernschild, ",[50,2015,2016],{},"Java™ Design: Objects, UML, and Process",[39,2018,2019],{},[42,2020],{"id":2021},"RuleAA.References-Lai08",[39,2023,2024,2025,592],{},"[Lai 2008] Charlie Lai, ",[42,2026,2029],{"href":2027,"rel":2028},"http:\u002F\u002Fieeexplore.ieee.org\u002Fxpl\u002Ffreeabs_all.jsp?arnumber=4420062",[78],"Java Insecurity: Accounting for Subtleties That Can Compromise Code",[39,2031,2032,2035,2037,2038,592],{},[42,2033],{"id":2034},"RuleAA.References-Langer08",[46,2036],{},"\n[Langer 2008] Angelica Langer, ",[42,2039,2042],{"href":2040,"rel":2041},"http:\u002F\u002Fwww.angelikalanger.com\u002FGenericsFAQ\u002FFAQSections\u002FProgrammingIdioms.html",[78],"Practicalities – Programming with Java Generics",[39,2044,2045,2048,2050,2051,2056],{},[42,2046],{"id":2047},"RuleAA.References-Laplante05",[46,2049],{},"\n[Laplante 2005] Phillip A. Laplante, Colin J. Neill, ",[42,2052,2055],{"href":2053,"rel":2054},"http:\u002F\u002Fdc112.4shared.com\u002Fdoc\u002F6HMOFIdN\u002Fpreview.html",[78],"Antipatterns: Identification, Refactoring, and Management"," , Auerbach Publications, Boca Raton, FL, 2005.",[39,2058,2059,2062,2064,2065,2068],{},[42,2060],{"id":2061},"RuleAA.References-Lea00",[46,2063],{},"\n[Lea 2000a] Doug Lea, ",[50,2066,2067],{},"Concurrent Programming in Java"," , 2nd ed., Addison-Wesley Professional, Boston, 2000.",[39,2070,2071,2074,2076,2077,2082],{},[42,2072],{"id":2073},"RuleAA.References-Lea00b",[46,2075],{},"\n[Lea 2000b] Doug Lea and William Pugh, ",[42,2078,2081],{"href":2079,"rel":2080},"http:\u002F\u002Fwww.cs.umd.edu\u002F%7Epugh\u002Fjava\u002FmemoryModel\u002FTS-754.pdf",[78],"Correct and Efficient Synchronization of Java™ Technology based Threads"," , JavaOne Conference, 2000.",[39,2084,2085,2088,2090,2091,592],{},[42,2086],{"id":2087},"RuleAA.References-Lea08",[46,2089],{},"\n[Lea 2008] Doug Lea, ",[42,2092,2095],{"href":2093,"rel":2094},"http:\u002F\u002Fg.oswego.edu\u002Fdl\u002Fjmm\u002Fcookbook.html",[78],"The JSR-133 Cookbook for Compiler Writers",[39,2097,2098,2101,2103,2104,350],{},[42,2099],{"id":2100},"RuleAA.References-Lee09",[46,2102],{},"\n[Lee 2009] Sangjin Lee, Mahesh Somani, and Debashis Saha, ",[42,2105,2108],{"href":2106,"rel":2107},"http:\u002F\u002Fdevelopers.sun.com\u002Flearning\u002Fjavaoneonline\u002Fsessions\u002F2009\u002Fpdf\u002FTS-4620.pdf",[78],"Robust and Scalable Concurrent Programming: Lessons from the Trenches",[39,2110,2111,2114,2116,2117,2120],{},[42,2112],{"id":2113},"RuleAA.References-Liang97",[46,2115],{},"\n[Liang 1997] Sheng Liang, ",[50,2118,2119],{},"The Java™ Native Interface, Programmer's Guide and Specification"," , Addison-Wesley Professional, Reading, MA, 1997.",[39,2122,2123,2126,2128,2129,92,2134,1466],{},[42,2124],{"id":2125},"RuleAA.References-Liang98",[46,2127],{},"\n[Liang 1998] Sheng Liang and Gilad Bracha, ",[42,2130,2133],{"href":2131,"rel":2132},"http:\u002F\u002Fportal.acm.org\u002Fcitation.cfm?doid=286936.286945",[78],"Dynamic Class Loading in the Java™ Virtual Machine",[50,2135,2136],{},"Proceedings of the 13th ACM SIGPLAN Conference on Object-Oriented Programming, Systems, Languages, and Applications",[39,2138,2139,2142,2144,2145,92,2150,2153],{},[42,2140],{"id":2141},"RuleAA.References-Lieberman86",[46,2143],{},"\n[Lieberman 1986] Henry Lieberman, ",[42,2146,2149],{"href":2147,"rel":2148},"http:\u002F\u002Fportal.acm.org\u002Fcitation.cfm?id=28718",[78],"Using Prototypical Objects to Implement Shared Behavior in Object-Oriented Systems",[50,2151,2152],{},"Proceedings on Object-Oriented Programming, Systems, Languages, and Applications"," , pp. 214–223 (ISSN 0362-1340), Massachusetts Institute of Technology, 1986.",[39,2155,2156,2159,2161,2162,92,2167,2170],{},[42,2157],{"id":2158},"RuleAA.References-Lo05",[46,2160],{},"\n[Lo 2005] Chia-Tien Dan Lo, Witawas Srisa-an, and J. Morris Chang, ",[42,2163,2166],{"href":2164,"rel":2165},"https:\u002F\u002Fweb.archive.org\u002Fweb\u002F20051029134713\u002Fhttp:\u002F\u002Fwww.stsc.hill.af.mil\u002Fcrosstalk\u002F2005\u002F10\u002F0510DanLo.html",[78],"Security Issues in Garbage Collection",[50,2168,2169],{},"STSC Crosstalk"," , October 2005.",[39,2172,2173,2176,2178,2179,2184],{},[42,2174],{"id":2175},"RuleAA.References-Long05",[46,2177],{},"\n[Long 2005] Fred Long, ",[42,2180,2183],{"href":2181,"rel":2182},"http:\u002F\u002Fwww.sei.cmu.edu\u002Fpublications\u002Fdocuments\u002F05.reports\u002F05tn044.html",[78],"Software Vulnerabilities in Java"," , CMU\u002FSEI-2005-TN-044, Software Engineering Institute, Carnegie Mellon University, 2005.",[39,2186,2187],{},[42,2188],{"id":2189},"RuleAA.References-Long13",[39,2191,2192,2193,2196],{},"[Long 2013] Fred Long, Dhruv Mohindra, Robert C. Seacord, Dean F. Sutherland, and David Svoboda, ",[50,2194,2195],{},"Java Coding Guidelines: 75 Recommendations for Reliable and Secure Programs"," , Addison-Wesley Professional, Reading, MA, 2013.",[39,2198,2199,2202,2204,2205,2212],{},[42,2200],{"id":2201},"RuleAA.References-LSOD02",[46,2203],{},"\n[LSOD 02] Last Stage of Delirium Research Group, ",[42,2206,2209],{"href":2207,"rel":2208},"http:\u002F\u002Flsd-pl.net\u002Fprojects\u002F",[78],[50,2210,2211],{},"Java and Java Virtual Machine Security"," . Poland: Last Stage of Delirium Research Group, 2002.",[39,2214,2215,2218,2220,2221,92,2226,2229],{},[42,2216],{"id":2217},"RuleAA.References-Low97",[46,2219],{},"\n[Low 1997] Douglas Low, ",[42,2222,2225],{"href":2223,"rel":2224},"http:\u002F\u002Fwww.cs.arizona.edu\u002F%7Ecollberg\u002FResearch\u002FStudents\u002FDouglasLow\u002Fobfuscation.html",[78],"Protecting Java Code via Obfuscation",[50,2227,2228],{},"Crossroads"," Volume 4, Issue 3, 1997.",[39,2231,2232,2235,2237,2238,2241],{},[42,2233],{"id":2234},"RuleAA.References-MacGregor98",[46,2236],{},"\n[MacGregor 1998] Robert MacGregor, Dave Durbin, John Owlett, and Andrew Yeomans, ",[50,2239,2240],{},"Java Network Security"," , Prentice Hall PTR, Upper Saddle River, NJ, 1998.",[39,2243,2244,2247,2249,2250,702,2255],{},[42,2245],{"id":2246},"RuleAA.References-Mahmoud02",[46,2248],{},"\n[Mahmoud 2002] Qusay H. Mahmoud, ",[42,2251,2254],{"href":2252,"rel":2253},"http:\u002F\u002Fwww.oracle.com\u002Ftechnetwork\u002Farticles\u002Fjava\u002Fcompress-1565076.html",[78],"Compressing and Decompressing Data Using Java APIs",[42,2256,2259],{"href":2257,"rel":2258},"http:\u002F\u002Fjava.sun.com\u002Fdeveloper\u002FtechnicalArticles\u002FProgramming\u002Fcompression\u002F",[78],", Oracle, 2002.",[39,2261,2262,2265,2267,2268,2271],{},[42,2263],{"id":2264},"RuleAA.References-Mak02",[46,2266],{},"\n[Mak 2002] Ronald Mak, ",[50,2269,2270],{},"Java Number Cruncher: The Java Programmer's Guide to Numerical Computing"," , Prentice Hall PTR, Upper Saddle River, NJ, 2002.",[39,2273,2274,2277,2279,2280,2285],{},[42,2275],{"id":2276},"RuleAA.References-Manson08",[46,2278],{},"\n[Manson 2008] Jeremy Manson, ",[42,2281,2284],{"href":2282,"rel":2283},"http:\u002F\u002Fjeremymanson.blogspot.ru\u002F2008\u002F12\u002Fbenign-data-races-in-java.html",[78],"Data-Race-ful Lazy Initialization for Performance"," [blog], 2008.",[39,2287,2288,2291,2293,2294,1900],{},[42,2289],{"id":2290},"RuleAA.References-Manson04",[46,2292],{},"\n[Manson 2004] Jeremy Manson and Brian Goetz, ",[42,2295,2298],{"href":2296,"rel":2297},"http:\u002F\u002Fwww.cs.umd.edu\u002F%7Epugh\u002Fjava\u002FmemoryModel\u002Fjsr-133-faq.html#finalRight",[78],"JSR 133 (Java Memory Model) FAQ",[39,2300,2301,2304,2306,2307,2312],{},[42,2302],{"id":2303},"RuleAA.References-Manson06",[46,2305],{},"\n[Manson 2006] Jeremy Manson and William Pugh, ",[42,2308,2311],{"href":2309,"rel":2310},"http:\u002F\u002Fwww.cs.umd.edu\u002Fclass\u002Fspring2006\u002Fcmsc132\u002FSlides\u002FJMM06.pdf",[78],"The Java™ Memory Model: The Building Block of Concurrency"," , JavaOne Conference, 2006.",[39,2314,2315,2318,2320,2321,2326],{},[42,2316],{"id":2317},"RuleAA.References-Martin96",[46,2319],{},"\n[Martin 1996] Robert C. Martin, ",[42,2322,2325],{"href":2323,"rel":2324},"http:\u002F\u002Fwww.objectmentor.com\u002Fresources\u002Farticles\u002Fgranularity.pdf",[78],"Granularity"," , 1996.",[39,2328,2329],{},[42,2330],{"id":2331},"RuleAA.References-Masson2011",[39,2333,2334,2335,2340],{},"[Masson 2011] Neil D. Masson, ",[42,2336,2339],{"href":2337,"rel":2338},"http:\u002F\u002Fwww.ibm.com\u002Fdeveloperworks\u002Fjava\u002Flibrary\u002Fj-fv\u002Findex.html",[78],"Tip: Secure Your Code against the Finalizer Vulnerability"," , IBM developerWorks, 2011.",[39,2342,2343,2346,2348],{},[42,2344],{"id":2345},"RuleAA.References-McCluskey01",[46,2347],{},"\n[McCluskey 2001] Glen McCluskey, Java Developer Connection Tech Tips, April 10, 2001.",[39,2350,2351,2354,2356,2357,2360],{},[42,2352],{"id":2353},"RuleAA.References-McGraw99",[46,2355],{},"\n[McGraw 1999] Gary McGraw and Edward W. Felten, ",[50,2358,2359],{},"Securing Java, Getting Down to Business with Mobile Code"," , Wiley, New York, 1999.",[39,2362,2363,2366,2368,2369,2374],{},[42,2364],{"id":2365},"RuleAA.References-Mcgraw98",[46,2367],{},"\n[McGraw 1998] Gary McGraw and Edward W. Felten, ",[42,2370,2373],{"href":2371,"rel":2372},"http:\u002F\u002Fwww.javaworld.com\u002Fjavaworld\u002Fjw-12-1998\u002Fjw-12-securityrules.html",[78],"Twelve Rules for Developing More Secure Java Code"," , JavaWorld.com, 1998.",[39,2376,2377,2380,2382],{},[42,2378],{"id":2379},"RuleAA.References-Mettler2010A",[46,2381],{},"\n[Mettler 2010a] Adrian Mettler, David Wagner, and T. Close, Joe-E: A Security-Oriented Subset of Java, 17th Network & Distributed System Security Symposium, 2010.",[39,2384,2385,2388,2390,2391,92,2396,2399],{},[42,2386],{"id":2387},"RuleAA.References-Mettler2010B",[46,2389],{},"\n[Mettler 2010b] Adrian Mettler and David Wagner, ",[42,2392,2395],{"href":2393,"rel":2394},"http:\u002F\u002Fdl.acm.org\u002Fcitation.cfm?doid=1814217.1814224",[78],"Class Properties for Security Review in an Object-Capability Subset of Java",[50,2397,2398],{},"Proceedings of the 5th ACM SIGPLAN Workshop on Programming Languages and Analysis for Security (PLAS '10)"," . ACM, Article 7, DOI=10.1145\u002F1814217.1814224, 2010.",[39,2401,2402,2405,2407,2408,350],{},[42,2403],{"id":2404},"RuleAA.References-Miller09",[46,2406],{},"\n[Miller 2009] Alex Miller, ",[42,2409,2412],{"href":2410,"rel":2411},"http:\u002F\u002Fdevelopers.sun.com\u002Flearning\u002Fjavaoneonline\u002Fsessions\u002F2009\u002Fpdf\u002FTS-4863.pdf",[78],"Java™ Platform Concurrency Gotchas",[39,2414,2415,2418,2420,2421,2426],{},[42,2416],{"id":2417},"RuleAA.References-MITRE2011",[46,2419],{},"\n[MITRE 2011] MITRE Corporation, ",[42,2422,2425],{"href":2423,"rel":2424},"http:\u002F\u002Fcwe.mitre.org\u002F",[78],"Common Weakness Enumeration"," , 2011.",[39,2428,2429,2432,2434,2435,1424],{},[42,2430],{"id":2431},"RuleAA.References-Mocha07",[46,2433],{},"\n[Mocha 2007] ",[42,2436,2439],{"href":2437,"rel":2438},"http:\u002F\u002Fwww.brouhaha.com\u002F%7Eeric\u002Fsoftware\u002Fmocha\u002F",[78],"Mocha, the Java Decompiler",[39,2441,2442,2445,2447,2448,2453],{},[42,2443],{"id":2444},"RuleAA.References-Monsch06",[46,2446],{},"\n[Monsch 2006] Jan P. Monsch, ",[42,2449,2452],{"href":2450,"rel":2451},"http:\u002F\u002Fwww.iplosion.com\u002Fpapers\u002Fruining_security_with_java.util.random_v1.0.p",[78],"Ruining Security with java.util.Random"," Version 1.0, 2006.",[39,2455,2456,2459,2461,2462,2467],{},[42,2457],{"id":2458},"RuleAA.References-MSDN09",[46,2460],{},"\n[MSDN 2009] Microsoft Corporation, ",[42,2463,2466],{"href":2464,"rel":2465},"http:\u002F\u002Fmsdn.microsoft.com\u002Fen-us\u002Flibrary\u002Fms378045%28SQL.90%29.aspx",[78],"Using SQL Escape Sequences"," , 2009.",[39,2469,2470,2473,2475,2476,2481],{},[42,2471],{"id":2472},"RuleAA.References-Muchow01",[46,2474],{},"\n[Muchow 2001] John W. Muchow, ",[42,2477,2480],{"href":2478,"rel":2479},"http:\u002F\u002Fwww.onjava.com\u002Fpub\u002Fa\u002Fonjava\u002F2001\u002F04\u002F26\u002Fmidlet.html",[78],"MIDlet Packaging with J2ME"," , ONJava.com, 2001.",[39,2483,2484,2487,2489,2490,2495],{},[42,2485],{"id":2486},"RuleAA.References-Müller02",[46,2488],{},"\n[Müller 2002] Dr. Andreas Müller and Geoffrey Simmons, ",[42,2491,2494],{"href":2492,"rel":2493},"http:\u002F\u002Fwww.old.netobjectdays.org\u002Fpdf\u002F02\u002Fpapers\u002Findustry\u002F1430.pdf",[78],"Exception Handling: Common Problems and Best Practice with Java 1.4"," , Sun Microsystems GmbH, 2002.",[39,2497,2498,2501,2503,2504,2507],{},[42,2499],{"id":2500},"RuleAA.References-Naftalin06",[46,2502],{},"\n[Naftalin 2006a] Maurice Naftalin and Philip Wadler, ",[50,2505,2506],{},"Java Generics and Collections"," , O'Reilly, Sebastopol, CA, 2006.",[39,2509,2510,2513,2515,2516,324],{},[42,2511],{"id":2512},"RuleAA.References-Naftalin06b",[46,2514],{},"\n[Naftalin 2006b] Maurice Naftalin and Philip Wadler, ",[42,2517,2520],{"href":2518,"rel":2519},"http:\u002F\u002Fgceclub.sun.com.cn\u002Fjava_one_online\u002F2007\u002Fpdf\u002FTS-2890.pdf",[78],"Java™ Generics and Collections: Tools for Productivity",[39,2522,2523,2526,2528,2529,2536],{},[42,2524],{"id":2525},"RuleAA.References-Netzer92",[46,2527],{},"\n[Netzer 1992] Robert H. B. Netzer and Barton P. Miller, ",[42,2530,2533],{"href":2531,"rel":2532},"http:\u002F\u002Fportal.acm.org\u002Fcitation.cfm?id=130616.130623",[78],[50,2534,2535],{},"What Are Race Conditions? Some Issues and Formalization"," , University of Wisconsin, Madison, 1992.",[39,2538,2539,2542,2544,2545,2548],{},[42,2540],{"id":2541},"RuleAA.References-Neward04",[46,2543],{},"\n[Neward 2004] Ted Neward, ",[50,2546,2547],{},"Effective Enterprise Java"," , Addison-Wesley Professional, Boston, 2004.",[39,2550,2551,2554,2556,2557,324],{},[42,2552],{"id":2553},"RuleAA.References-Nisewanger07",[46,2555],{},"\n[Nisewanger 2007] Jeff Nisewanger, ",[42,2558,2561],{"href":2559,"rel":2560},"http:\u002F\u002Fdevelopers.sun.com\u002Flearning\u002Fjavaoneonline\u002F2007\u002Fpdf\u002FTS-2594.pdf",[78],"Avoiding Antipatterns",[39,2563,2564,2567,2569,2570,2573],{},[42,2565],{"id":2566},"RuleAA.References-Nolan04",[46,2568],{},"\n[Nolan 2004] Godfrey Nolan, ",[50,2571,2572],{},"Decompiling Java"," , Apress, Berkley, CA, 2004.",[39,2575,2576,2579,2581,2582,1183],{},[42,2577],{"id":2578},"RuleAA.References-Oaks01",[46,2580],{},"\n[Oaks 2001] Scott Oaks, ",[50,2583,2584],{},"Java Security",[39,2586,2587],{},[42,2588],{"id":2589},"RuleAA.References-Octeau2013",[39,2591,2592],{},"[Octeau 2013] D. Octeau, P. McDaniel, S. Jha, A. Bartel, E. Bodden, J. Klein, and Y. Le Traon. Effective Inter-component communication mapping in Android with Epicc: An essential step towards holistic security analysis. In Proc. USENIX Security, 2013.",[39,2594,2595,2598,2600,2601,1900],{},[42,2596],{"id":2597},"RuleAA.References-OpenGroup04",[46,2599],{},"\n[Open Group 2004] The IEEE and The Open Group, ",[42,2602,2605],{"href":2603,"rel":2604},"http:\u002F\u002Fpubs.opengroup.org\u002Fonlinepubs\u002F009695399\u002Fmindex.html",[78],"The Open Group Base Specifications Issue 6",[39,2607,2608,702,2611,2614,2616,2617,2622],{},[42,2609],{"id":2610},"RuleAA.References-Oracle10",[42,2612],{"id":2613},"RuleAA.References-Oracle10b",[46,2615],{},"\n[Oracle 2010a] ",[42,2618,2621],{"href":2619,"rel":2620},"http:\u002F\u002Fjava.sun.com\u002Fjavase\u002Ftechnologies\u002Fhotspot\u002Fgc\u002Fgc_tuning_6.html",[78],"Java SE 6 HotSpot™ Virtual Machine Garbage Collection Tuning"," , Oracle, 2010.",[39,2624,2625,2627,2629,2630,2622],{},[42,2626],{"id":2613},[46,2628],{},"\n[Oracle 2010b] ",[42,2631,2634],{"href":2632,"rel":2633},"http:\u002F\u002Fdocs.oracle.com\u002Fjavase\u002F1.5.0\u002Fdocs\u002Fguide\u002Fnio\u002F",[78],"New I\u002FO APIs",[39,2636,2637,2640,2642,2643,153],{},[42,2638],{"id":2639},"RuleAA.References-Oracle11a",[46,2641],{},"\n[Oracle 2011a] ",[42,2644,2647],{"href":2645,"rel":2646},"http:\u002F\u002Fdocs.oracle.com\u002Fjavase\u002F6\u002Fdocs\u002Ftechnotes\u002Fguides\u002Fsecurity\u002Fcertpath\u002FCertPathProgGuide.html",[78],"Java PKI Programmer's Guide",[39,2649,2650,2653,2655,2656,153],{},[42,2651],{"id":2652},"RuleAA.References-Oracle11b",[46,2654],{},"\n[Oracle 2011b] ",[42,2657,2660],{"href":2658,"rel":2659},"http:\u002F\u002Fdocs.oracle.com\u002Fjavase\u002F6\u002Fdocs\u002Findex.html",[78],"Java Platform™, Standard Edition 6 Documentation",[39,2662,2663,2666,2668,2669,2674],{},[42,2664],{"id":2665},"RuleAA.References-Oracle11c",[46,2667],{},"\n[Oracle 2011c] ",[42,2670,2673],{"href":2671,"rel":2672},"http:\u002F\u002Fdocs.oracle.com\u002Fjavaee\u002F6\u002Fapi\u002Fjavax\u002Fservlet\u002Fhttp\u002Fpackage-summary.html",[78],"Package javax.servelt.http"," , Oracle  2011.",[39,2676,2677,2680,2682,2683,153],{},[42,2678],{"id":2679},"RuleAA.References-Oracle11d",[46,2681],{},"\n[Oracle 2011d] ",[42,2684,2687],{"href":2685,"rel":2686},"http:\u002F\u002Fdocs.oracle.com\u002Fjavase\u002F6\u002Fdocs\u002Ftechnotes\u002Fguides\u002Fsecurity\u002Fpermissions.html",[78],"Permissions in the Java™ SE 6 Development Kit (JDK)",[39,2689,2690,2693,2695,2696,2701],{},[42,2691],{"id":2692},"RuleAA.References-Oracle13a",[46,2694],{},"\n[Oracle 2013a] ",[42,2697,2700],{"href":2698,"rel":2699},"http:\u002F\u002Fdownload.java.net\u002Fjdk8\u002Fdocs\u002Ftechnotes\u002Fguides\u002Fsecurity\u002Fdoprivileged.html",[78],"API for Privileged Blocks"," , Oracle, 1993\u002F2013.",[39,2703,2704,2707,2709,2710,92,2715,179],{},[42,2705],{"id":2706},"RuleAA.References-Oracle13b",[46,2708],{},"\n[Oracle 2013b] ",[42,2711,2714],{"href":2712,"rel":2713},"http:\u002F\u002Fdocs.oracle.com\u002Fjavase\u002F7\u002Fdocs\u002Ftechnotes\u002Fguides\u002Fsecurity\u002Fcrypto\u002FCryptoSpec.html#ReadPassword",[78],"Reading ASCII Passwords from an InputStream Example",[50,2716,2717],{},"Java Cryptography Architecture (JCA) Reference Guide",[39,2719,2720,2723,2725,2726,179],{},[42,2721],{"id":2722},"RuleAA.References-Oracle13c",[46,2724],{},"\n[Oracle 2013c] ",[42,2727,2730],{"href":2728,"rel":2729},"http:\u002F\u002Fdocs.oracle.com\u002Fjavase\u002F7\u002Fdocs\u002F",[78],"Java Platform Standard Edition 7 Documentation",[39,2732,2733,2736,2738,2739,179],{},[42,2734],{"id":2735},"RuleAA.References-Oracle13d",[46,2737],{},"\n[Oracle 2013d] ",[42,2740,2743],{"href":2741,"rel":2742},"http:\u002F\u002Fwww.oracle.com\u002Ftechnetwork\u002Ftopics\u002Fsecurity\u002Falert-cve-2013-0422-1896849.html",[78],"Oracle Security Alert for CVE-2013-0422",[39,2745,2746],{},[42,2747],{"id":2748},"RuleAA.References-Oracle14",[39,2750,2751,2752,206],{},"[Oracle 2014] ",[42,2753,2756],{"href":2754,"rel":2755},"http:\u002F\u002Fwww.oracle.com\u002Ftechnetwork\u002Fjava\u002Fseccodeguide-139067.html#9-9",[78],"Secure Coding Guidelines for Java SE, Version 5.0",[39,2758,2759],{},[42,2760],{"id":2761},"RuleAA.References-Oracle15",[39,2763,2764,2765,92,2770,2775],{},"[Oracle 2015] ",[42,2766,2769],{"href":2767,"rel":2768},"http:\u002F\u002Fdocs.oracle.com\u002Fcd\u002FE26576_01\u002Findex.htm",[78],"Oracle GlassFish Server Performance Tuning Guide",[42,2771,2774],{"href":2772,"rel":2773},"http:\u002F\u002Fdocs.oracle.com\u002Fcd\u002FE26576_01\u002Fdoc.312\u002Fe24936\u002Ftuning-java.htm#GSPTG00006",[78],"Tuning the Java Runtime System"," , Oracle, 2015.",[39,2777,2778,2781,2783,2784,2789],{},[42,2779],{"id":2780},"RuleAA.References-OWASP05",[46,2782],{},"\n[OWASP 2005] ",[42,2785,2788],{"href":2786,"rel":2787},"http:\u002F\u002Fsourceforge.net\u002Fprojects\u002Fowasp\u002Ffiles\u002FGuide\u002F2.0.1\u002FOWASPGuide2.0.1.pdf\u002Fdownload",[78],"A Guide to Building Secure Web Applications and Web Services"," , Open Web Application Security Project (OWASP), 2005.",[39,2791,2792,2795,2797,2798,2803],{},[42,2793],{"id":2794},"RuleAA.References-OWASP07",[46,2796],{},"\n[OWASP 2007] ",[42,2799,2802],{"href":2800,"rel":2801},"https:\u002F\u002Fwww.owasp.org\u002Fimages\u002F8\u002F89\u002FOWASP_Top_10_2007_for_JEE.pdf",[78],"OWASP Top 10 for Java EE"," , OWASP, 2007.",[39,2805,2806,2809,2811,2812,2817],{},[42,2807],{"id":2808},"RuleAA.References-OWASP09",[46,2810],{},"\n[OWASP 2009] ",[42,2813,2816],{"href":2814,"rel":2815},"https:\u002F\u002Fwww.owasp.org\u002Findex.php\u002FDouble_Encoding",[78],"Double Encoding"," , OWASP, 2009.",[39,2819,2820,2823,2825,2826,2426],{},[42,2821],{"id":2822},"RuleAA.References-OWASP11",[46,2824],{},"\n[OWASP 2011] ",[42,2827,2830],{"href":2828,"rel":2829},"http:\u002F\u002Fwww.owasp.org\u002Findex.php\u002FMain_Page",[78],"Open Web Application Security Project (OWASP)",[39,2832,2833,2836,2838,2839,2844],{},[42,2834],{"id":2835},"RuleAA.References-OWASP14a",[46,2837],{},"\n[OWASP 2014a] ",[42,2840,2843],{"href":2841,"rel":2842},"https:\u002F\u002Fwww.owasp.org\u002Findex.php\u002FPreventing_LDAP_Injection_in_Java",[78],"Preventing LDAP Injection in Java"," , OWASP, 2014.",[39,2846,2847,702,2850,2853,2855,2856,2844],{},[42,2848],{"id":2849},"RuleAA.References-OWASP14",[42,2851],{"id":2852},"RuleAA.References-OWASP14b",[46,2854],{},"\n[OWASP 2014b] ",[42,2857,2860],{"href":2858,"rel":2859},"https:\u002F\u002Fwww.owasp.org\u002Findex.php\u002FXSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet#Escaping_.28aka_Output_Encoding.29",[78],"XSS (Cross Site Scripting) Prevention Cheat Sheet",[39,2862,2863,2866,2868,2869,2874],{},[42,2864],{"id":2865},"RuleAA.References-PCI10",[46,2867],{},"\n[PCI 2010] PCI Security Standards Council, ",[42,2870,2873],{"href":2871,"rel":2872},"https:\u002F\u002Fwww.pcisecuritystandards.org\u002Fsecurity_standards\u002Findex.php",[78],"Payment Card Industry (PCI) Data Security Standard"," , Version 2.0, October, 2010.",[39,2876,2877,2880,2882,2883,2887],{},[42,2878],{"id":2879},"RuleAA.References-Permissions08",[46,2881],{},"\n[Permissions 2008] ",[42,2884,2687],{"href":2885,"rel":2886},"http:\u002F\u002Fjava.sun.com\u002Fjavase\u002F6\u002Fdocs\u002Ftechnotes\u002Fguides\u002Fsecurity\u002Fpermissions.html",[78]," , Sun Microsystems, 2008.",[39,2889,2890,2893,2895,2896,2901],{},[42,2891],{"id":2892},"RuleAA.References-Philion03",[46,2894],{},"\n[Philion 2003] Paul Philion, ",[42,2897,2900],{"href":2898,"rel":2899},"http:\u002F\u002Fwww.javaworld.com\u002Fjavaworld\u002Fjw-10-2003\u002Fjw-1003-generics.html?page=2#sidebar1",[78],"Beware the Dangers of Generic Exceptions"," , JavaWorld.com, 2003.",[39,2903,2904,2907,2909,2910,2915],{},[42,2905],{"id":2906},"RuleAA.References-Phillips05",[46,2908],{},"\n[Phillips 2005] Addison P. Phillips, ",[42,2911,2914],{"href":2912,"rel":2913},"http:\u002F\u002Fwww.inter-locale.com\u002Fwhitepaper\u002FIUC27-a303.html",[78],"Are We Counting Bytes Yet?"," , 27th Internationalization and Unicode Conference, webMethods, 2005.",[39,2917,2918,2921,2923,2924,2548],{},[42,2919],{"id":2920},"RuleAA.References-Pistoia04",[46,2922],{},"\n[Pistoia 2004] Marco Pistoia, Nataraj Nagaratnam, Larry Koved, and Anthony Nadalin, Enterprise ",[50,2925,2926],{},"Java Security: Building Secure J2EE Applications",[39,2928,2929,2932,2934,2935,2940],{},[42,2930],{"id":2931},"RuleAA.References-Policy02",[46,2933],{},"\n[Policy 2002] Sun Microsystems, ",[42,2936,2939],{"href":2937,"rel":2938},"http:\u002F\u002Fjava.sun.com\u002Fjavase\u002F6\u002Fdocs\u002Ftechnotes\u002Fguides\u002Fsecurity\u002FPolicyFiles.html",[78],"Default Policy Implementation and Policy File Syntax"," , Document revision 1.6, 2002.",[39,2942,2943,2946,2948,2949,1900],{},[42,2944],{"id":2945},"RuleAA.References-Pugh04",[46,2947],{},"\n[Pugh 2004] William Pugh, ",[42,2950,2953],{"href":2951,"rel":2952},"http:\u002F\u002Fwww.cs.umd.edu\u002F%7Epugh\u002Fjava\u002FmemoryModel\u002F",[78],"The Java Memory Model (discussions reference)",[39,2955,2956,2959,2961,2962,2967],{},[42,2957],{"id":2958},"RuleAA.References-Pugh08",[46,2960],{},"\n[Pugh 2008] William Pugh, ",[42,2963,2966],{"href":2964,"rel":2965},"http:\u002F\u002Fdevelopers.sun.com\u002Flearning\u002Fjavaoneonline\u002F2008\u002Fpdf\u002FTS-6589.pdf?cid=925745",[78],"Defective Java Code: Turning WTF Code into a Learning Experience"," , JavaOne Conference, 2008.",[39,2969,2970,2973,2975,2976,350],{},[42,2971],{"id":2972},"RuleAA.References-Pugh09",[46,2974],{},"\n[Pugh 2009] William Pugh, ",[42,2977,2980],{"href":2978,"rel":2979},"http:\u002F\u002Fdevelopers.sun.com\u002Flearning\u002Fjavaoneonline\u002Fsessions\u002F2009\u002Fpdf\u002FTS-5335.pdf",[78],"Defective Java Code: Mistakes That Matter",[39,2982,2983,2986,2988,2989,2994],{},[42,2984],{"id":2985},"RuleAA.References-Rapid714",[46,2987],{},"\n[Rapid7 2014] Jeroen Frijters and Juan Vazquez, ",[42,2990,2993],{"href":2991,"rel":2992},"http:\u002F\u002Fwww.rapid7.com\u002Fdb\u002Fmodules\u002Fexploit\u002Fmulti\u002Fbrowser\u002Fjava_atomicreferencearray",[78],"Java AtomicReferenceArray Type Violation Vulnerability"," , 2014.",[39,2996,2997,3000,3002,3003,3008],{},[42,2998],{"id":2999},"RuleAA.References-Reasoning03",[46,3001],{},"\n[Reasoning 2003] ",[42,3004,3007],{"href":3005,"rel":3006},"http:\u002F\u002Fwww.reasoning.com\u002Fpdf\u002FTomcat_Defect_Report.pdf",[78],"Reasoning Inspection Service Defect Data Tomcat v 1.4.24"," , November 14, 2003.",[39,3010,3011,3014,3016,3017,914],{},[42,3012],{"id":3013},"RuleAA.References-Reflect06",[46,3015],{},"\n[Reflect 2006] Sun Microsystems, ",[42,3018,3021],{"href":3019,"rel":3020},"http:\u002F\u002Fjava.sun.com\u002Fjavase\u002F6\u002Fdocs\u002Ftechnotes\u002Fguides\u002Freflection\u002Findex.html",[78],"Reflection",[39,3023,3024,3027,3029,3030,3037],{},[42,3025],{"id":3026},"RuleAA.References-Rogue00",[46,3028],{},"\n[Rogue 2000] Vermeulen, Ambler, Metz, Misfeldt, Shur, and Thompson, ",[42,3031,3034],{"href":3032,"rel":3033},"http:\u002F\u002Fwww.ambysoft.com\u002Fbooks\u002FelementsJavaStyle.html",[78],[50,3035,3036],{},"The Elements of Java Style"," , Cambridge University Press, New York, 2000.",[39,3039,3040,3043,3045,3046,592],{},[42,3041],{"id":3042},"RuleAA.References-Rotem08",[46,3044],{},"\n[Rotem 2008] Arnon Rotem-Gal-Oz, ",[42,3047,3050],{"href":3048,"rel":3049},"http:\u002F\u002Fwww.rgoarchitects.com\u002FFiles\u002Ffallacies.pdf",[78],"Fallacies of Distributed Computing Explained",[39,3052,3053,3056,3058,3059,2901],{},[42,3054],{"id":3055},"RuleAA.References-Roubtsov03",[46,3057],{},"\n[Roubtsov 2003a] Vladimir Roubtsov, ",[42,3060,3063],{"href":3061,"rel":3062},"http:\u002F\u002Fwww.javaworld.com\u002Fjavaworld\u002Fjavaqa\u002F2003-02\u002F02-qa-0228-evilthrow.html",[78],"Breaking Java Exception-Handling Rules is Easy",[39,3065,3066,3069,3071,3072,2901],{},[42,3067],{"id":3068},"RuleAA.References-Roubtsov03b",[46,3070],{},"\n[Roubtsov 2003b] Vladimir Roubtsov, ",[42,3073,3076],{"href":3074,"rel":3075},"http:\u002F\u002Fwww.javaworld.com\u002Fjavaworld\u002Fjavaqa\u002F2003-06\u002F02-qa-0627-mythser.html?page=1",[78],"Into the Mist of Serialization Myths",[39,3078,3079,3082,3084,3085,3088],{},[42,3080],{"id":3081},"RuleAA.References-Saltzer74",[46,3083],{},"\n[Saltzer 1974] J. H. Saltzer, Protection and the Control of Information Sharing in Multics. ",[50,3086,3087],{},"Communications of the ACM 17"," , 7 (July 1974): 388–402.",[39,3090,3091,3094,3096,3097,3100,3101,3103,3104,1505],{},[42,3092],{"id":3093},"RuleAA.References-Saltzer75",[46,3095],{},"\n[Saltzer 1975] J. H. Saltzer and M. D. Schroeder, The Protection of Information in Computer Systems, ",[50,3098,3099],{},"Proceedings of the IEEE"," , Volume 63, Issue 9, 1975, 1278–1308.",[46,3102],{},"\nAvailable at ",[42,3105,3106],{"href":3106,"rel":3107},"http:\u002F\u002Fweb.mit.edu\u002FSaltzer\u002Fwww\u002Fpublications\u002Fprotection\u002F",[78],[39,3109,3110,3113,3115,3116,2467],{},[42,3111],{"id":3112},"RuleAA.References-SCG09",[46,3114],{},"\n[SCG 2009] Sun Microsystems, ",[42,3117,3120],{"href":3118,"rel":3119},"http:\u002F\u002Fjava.sun.com\u002Fsecurity\u002Fseccodeguide.html",[78],"Secure Coding Guidelines for the Java Programming Language, version 3.0",[39,3122,3123,3126,3128,3129,3132],{},[42,3124],{"id":3125},"RuleAA.References-Schildt07",[46,3127],{},"\n[Schildt 2007] Herb Schildt, ",[50,3130,3131],{},"Herb Schildt's Java Programming Cookbook"," , McGraw-Hill, New York, 2007.",[39,3134,3135,3138,3140,3141,3146],{},[42,3136],{"id":3137},"RuleAA.References-Schindler12",[46,3139],{},"\nSchindler, Uwe. ",[42,3142,3145],{"href":3143,"rel":3144},"http:\u002F\u002Fblog.thetaphi.de\u002F2012\u002F07\u002Fdefault-locales-default-charsets-and.html",[78],"The Policeman’s Horror: Default Locales, Default Charsets, and Default Timezones"," , The Generics Policeman Blog, November 2012.",[39,3148,3149,3152,3154,3155,3158],{},[42,3150],{"id":3151},"RuleAA.References-Schneier00",[46,3153],{},"\n[Schneier 2000] Bruce Schneier, ",[50,3156,3157],{},"Secrets and Lies—Digital Security in a Networked World"," , Wiley, New York, 2000.",[39,3160,3161,3164,3166,3167,3172],{},[42,3162],{"id":3163},"RuleAA.References-Schönefeld02",[46,3165],{},"\n[Sch ö nefeld 2002] Marc Sch ö nefeld, ",[42,3168,3171],{"href":3169,"rel":3170},"http:\u002F\u002Fwww.blackhat.com\u002Fpresentations\u002Fbh-usa-02\u002Fbh-us-02-schonefeld-java.ppt.",[78],"Security Aspects in Java Bytecode Engineering"," , Blackhat Briefings 2002, Las Vegas, August 2002.",[39,3174,3175,3178,3180,3181,3185],{},[42,3176],{"id":3177},"RuleAA.References-Schönefeld04",[46,3179],{},"\n[Sch ö nefeld 2004] Marc Sch ö nefeld, Java Vulnerabilities in Opera 7.54, BUGTRAQ Mailing List (",[42,3182,3184],{"href":3183},"mailto:bugtraq@securityfocus.com","bugtraq@securityfocus.com","), November 2004.",[39,3187,3188,3191,3193,3194,3199],{},[42,3189],{"id":3190},"RuleAA.References-Schwarz04",[46,3192],{},"\n[Schwarz 2004] Don Schwarz, ",[42,3195,3198],{"href":3196,"rel":3197},"http:\u002F\u002Fwww.oreillynet.com\u002Fonjava\u002Fblog\u002F2004\u002F09\u002Favoiding_checked_exceptions.html",[78],"Avoiding Checked Exceptions"," , ONJava 2004.",[39,3201,3202,3205,3207,3208,3213],{},[42,3203],{"id":3204},"RuleAA.References-Schweisguth03",[46,3206],{},"\n[Schweisguth 2003] Dave Schweisguth, ",[42,3209,3212],{"href":3210,"rel":3211},"http:\u002F\u002Fwww.javaworld.com\u002Fjavaworld\u002Fjavatips\u002Fjw-javatip134.html?page=2",[78],"Java Tip 134: When Catching Exceptions, Don't Cast Your Net Too Wide"," , Javaworld.com, 2003.",[39,3215,3216,3219,3221,3222,3227],{},[42,3217],{"id":3218},"RuleAA.References-SDN08",[46,3220],{},"\n[SDN 2008] Sun Microsystems, ",[42,3223,3226],{"href":3224,"rel":3225},"http:\u002F\u002Fdevelopers.sun.com\u002F",[78],"SUN Developer Network"," , 1994–2008.",[39,3229,3230,3233,3235,3236,296],{},[42,3231],{"id":3232},"RuleAA.References-Seacord05",[46,3234],{},"\n[Seacord 2005] Robert C. Seacord, ",[42,3237,3240],{"href":3238,"rel":3239},"http:\u002F\u002Fwww.cert.org\u002Fbooks\u002Fsecure-coding",[78],[50,3241,3242],{},"Secure Coding in C and C++",[39,3244,3245,3248,3250,3251,3254],{},[42,3246],{"id":3247},"RuleAA.References-Seacord08",[46,3249],{},"\n[Seacord 2008] Robert C. Seacord, ",[50,3252,3253],{},"The CERT C Secure Coding Standard"," , Addison-Wesley Professional, Boston, 2008.",[39,3256,3257,3260,3262],{},[42,3258],{"id":3259},"RuleAA.References-Seacord10",[46,3261],{},"\n[Seacord 2010] Robert C. Seacord, William Dormann, James McCurley, Philip Miller, Robert Stoddard, David Svoboda, and Jefferson Welch, Source Code Analysis Laboratory (SCALe) for energy delivery systems, CMU\u002FSEI-2010-TR-021, Software Engineering Institute, Carnegie Mellon University, Pittsburgh, PA, December 2010.",[39,3264,3265,3268,3270,3271,3273],{},[42,3266],{"id":3267},"RuleAA.References-Seacord13",[46,3269],{},"\n[Seacord 2013] Seacord, Robert C. ",[50,3272,3242],{}," , 2nd ed. Addison-Wesley, Boston, 2013.",[39,3275,3276,3279,3281,3282,3287],{},[42,3277],{"id":3278},"RuleAA.References-Seacord2015",[46,3280],{},"\n[Seacord 2015] Seacord, Robert C. ",[42,3283,3286],{"href":3284,"rel":3285},"https:\u002F\u002Fwww.safaribooksonline.com\u002Flibrary\u002Fview\u002Fsecure-coding-rules\u002F9780134031521\u002F",[78],"Secure Coding Rules for Java"," . Addison-Wesley Professional, Boston, 2013.",[39,3289,3290,3293,3295,3296,914],{},[42,3291],{"id":3292},"RuleAA.References-SecArch06",[46,3294],{},"\n[SecArch 2006] Sun Microsystems, ",[42,3297,3300],{"href":3298,"rel":3299},"http:\u002F\u002Fjava.sun.com\u002Fjavase\u002F6\u002Fdocs\u002Ftechnotes\u002Fguides\u002Fsecurity\u002Fspec\u002Fsecurity-spec.doc.html",[78],"Java 2 Platform Security Architecture",[39,3302,3303,3306,3308,3309,592],{},[42,3304],{"id":3305},"RuleAA.References-Secunia08",[46,3307],{},"\n[Secunia 2008] Secunia ApS, ",[42,3310,3313],{"href":3311,"rel":3312},"http:\u002F\u002Fsecunia.com\u002Fadvisories\u002F",[78],"Secunia Advisories",[39,3315,3316,3319,3321,3322,1632],{},[42,3317],{"id":3318},"RuleAA.References-Security06",[46,3320],{},"\n[Security 2006] ",[42,3323,3326],{"href":3324,"rel":3325},"http:\u002F\u002Fjava.sun.com\u002Fjavase\u002F6\u002Fdocs\u002Ftechnotes\u002Fguides\u002Fsecurity\u002F",[78],"Java Security Guides",[39,3328,3329,3332,3334,3335,592],{},[42,3330],{"id":3331},"RuleAA.References-SecuritySpec08",[46,3333],{},"\n[SecuritySpec 2008] Sun Microsystems, ",[42,3336,3339],{"href":3337,"rel":3338},"http:\u002F\u002Fjava.sun.com\u002Fj2se\u002F1.5.0\u002Fdocs\u002Fguide\u002Fsecurity\u002Fspec\u002Fsecurity-specTOC.fm.html",[78],"Java Security Architecture",[39,3341,3342,3345,3347,3348,3353],{},[42,3343],{"id":3344},"RuleAA.References-Sen07",[46,3346],{},"\n[Sen 2007] Robi Sen, ",[42,3349,3352],{"href":3350,"rel":3351},"http:\u002F\u002Fwww.ibm.com\u002Fdeveloperworks\u002Fxml\u002Flibrary\u002Fx-xpathinjection.html",[78],"Avoid the Dangers of XPath Injection"," , IBM developerWorks, 2007.",[39,3355,3356],{},[42,3357],{"id":3358},"RuleAA.References-Shipilёv2014",[39,3360,3361,3362,3367],{},"[Shipilёv 2014] Shipilёv, Aleksey, ",[42,3363,3366],{"href":3364,"rel":3365},"http:\u002F\u002Fshipilev.net\u002Fblog\u002F2014\u002Fsafe-public-construction\u002F",[78],"Safe Publication and Safe Initialization in Java"," , December 2014.",[39,3369,3370,3373,3375,3376,3379],{},[42,3371],{"id":3372},"RuleAA.References-Steel05",[46,3374],{},"\n[Steel 2005] Christopher Steel, Ramesh Nagappan, and Ray Lai, ",[50,3377,3378],{},"Core Security Patterns: Best Practices and Strategies for J2EEâ„¢, Web Services, and Identity Management"," , Prentice Hall PTR, Upper Saddle River, NJ, 2005.",[39,3381,3382,3385,3387,3388,92,3393,3396],{},[42,3383],{"id":3384},"RuleAA.References-Steele1977",[46,3386],{},"\n[Steele 1977] G.L. Steele, ",[42,3389,3392],{"href":3390,"rel":3391},"http:\u002F\u002Fdoi.acm.org\u002F10.1145\u002F956641.956647",[78],"Arithmetic Shifting Considered Harmful",[50,3394,3395],{},"ACM SIGPLAN Notices"," , Volume 12, Issue 11 (1977), 61–69.",[39,3398,3399,3402,3404,3405,3410],{},[42,3400],{"id":3401},"RuleAA.References-Steinberg05",[46,3403],{},"\n[Steinberg 2005] Daniel H. Steinberg, ",[42,3406,3409],{"href":3407,"rel":3408},"http:\u002F\u002Fjava.sun.com\u002Fdeveloper\u002FJDCTechTips\u002F2005\u002Ftt0104.html",[78],"Java Developer Connection Tech Tips Using the Varargs Language Feature"," , January 4, 2005.",[39,3412,3413,3416,3418,3419,3424],{},[42,3414],{"id":3415},"RuleAA.References-Sterbenz06",[46,3417],{},"\n[Sterbenz 2006] Andreas Sterbenz and Charlie Lai, ",[42,3420,3423],{"href":3421,"rel":3422},"http:\u002F\u002Fgceclub.sun.com.cn\u002Fjava_one_online\u002F2006\u002FTS-1238\u002FTS-1238.pdf",[78],"Secure Coding Antipatterns: Avoiding Vulnerabilities"," , Sun Microsystems, JavaOne Conference, 2006.",[39,3426,3427,3430,3432,3433,3438],{},[42,3428],{"id":3429},"RuleAA.References-Steuck02",[46,3431],{},"\n[Steuck 2002] Gregory Steuck, ",[42,3434,3437],{"href":3435,"rel":3436},"http:\u002F\u002Fwww.securityfocus.com\u002Farchive\u002F1\u002F297714",[78],"XXE (Xml eXternal Entity) Attack"," , 2002.",[39,3440,3441,3444,3446,3447,1955],{},[42,3442],{"id":3443},"RuleAA.References-Sun99",[46,3445],{},"\n[Sun 1999] ",[42,3448,3451],{"href":3449,"rel":3450},"http:\u002F\u002Fjava.sun.com\u002Fj2se\u002F1.4.2\u002Fdocs\u002Fguide\u002Fmisc\u002FthreadPrimitiveDeprecation.html",[78],"Why Are Thread.stop, Thread.suspend, Thread.resume and Runtime.runFinalizersOnExit Deprecated?",[39,3453,3454,3457,3459,3460,3464],{},[42,3455],{"id":3456},"RuleAA.References-Sun02",[46,3458],{},"\n[Sun 2002] ",[42,3461,3021],{"href":3462,"rel":3463},"http:\u002F\u002Fjava.sun.com\u002Fj2se\u002F1.5.0\u002Fdocs\u002Fguide\u002Freflection\u002Findex.html",[78]," , Sun Microsystems, 2002.",[39,3466,3467,3470,3472,3473,1376],{},[42,3468],{"id":3469},"RuleAA.References-Sun03",[46,3471],{},"\n[Sun 2003] Sun Microsystems, ",[42,3474,3477],{"href":3475,"rel":3476},"http:\u002F\u002Fdocs.sun.com\u002Fsource\u002F817-2180-10\u002F",[78],"Sun ONE Application Server 7 Performance Tuning Guide",[39,3479,3480,3483,3485,3486,1658],{},[42,3481],{"id":3482},"RuleAA.References-Sun04a",[46,3484],{},"\n[Sun 2004a] ",[42,3487,3490],{"href":3488,"rel":3489},"http:\u002F\u002Fjava.sun.com\u002Fj2se\u002F1.5.0\u002Fdocs\u002Fguide\u002Fjmx\u002Findex.html",[78],"Java Management Extensions (JMX)",[39,3492,3493,3496,3498,3499,3504],{},[42,3494],{"id":3495},"RuleAA.References-Sun04b",[46,3497],{},"\n[Sun 2004b] ",[42,3500,3503],{"href":3501,"rel":3502},"http:\u002F\u002Fjava.sun.com\u002Fj2se\u002F1.5.0\u002Fdocs\u002Fguide\u002Fserialization\u002Fspec\u002FserialTOC.html",[78],"Java Object Serialization Specification"," , Version 1.5.0, Sun Microsystems, 2004.",[39,3506,3507,3510,3512,3513,1658],{},[42,3508],{"id":3509},"RuleAA.References-Sun04d",[46,3511],{},"\n[Sun 2004d] ",[42,3514,3517],{"href":3515,"rel":3516},"http:\u002F\u002Fjava.sun.com\u002Fj2se\u002F1.5.0\u002Fdocs\u002Fguide\u002Fjvmti\u002Fjvmti.html",[78],"JVM Tool Interface",[39,3519,3520,3523,3525,3526,1632],{},[42,3521],{"id":3522},"RuleAA.References-Sun06",[46,3524],{},"\n[Sun 2006] ",[42,3527,3530],{"href":3528,"rel":3529},"http:\u002F\u002Fjava.sun.com\u002Fjavase\u002F6\u002Fdocs\u002Findex.html",[78],"Java™ Platform, Standard Edition 6 documentation",[39,3532,3533,3536,3538,3539,2887],{},[42,3534],{"id":3535},"RuleAA.References-Sun08",[46,3537],{},"\n[Sun 2008] ",[42,3540,3543],{"href":3541,"rel":3542},"http:\u002F\u002Fjava.sun.com\u002Fjavase\u002F6\u002Fdocs\u002Ftechnotes\u002Fguides\u002Fjweb\u002Fapplet\u002Fapplet_execution.html",[78],"Java™ Plug-in and Applet Architecture",[39,3545,3546,3549,3551,3552,92,3557,3560],{},[42,3547],{"id":3548},"RuleAA.References-Sutherland10",[46,3550],{},"\n[Sutherland 2010] Dean F. Sutherland and William L. Scherlis, ",[42,3553,3556],{"href":3554,"rel":3555},"http:\u002F\u002Fportal.acm.org\u002Fcitation.cfm?doid=1693453.1693485",[78],"Composable Thread Coloring",[50,3558,3559],{},"Proceedings of the 15th ACM SIGPLAN Symposium on Principles and Practice of Parallel Programming"," , Association for Computing Machinery, New York, 2010.",[39,3562,3563,3566,3568,3569,3576],{},[42,3564],{"id":3565},"RuleAA.References-Tanenbaum03",[46,3567],{},"\n[Tanenbaum 2003] Andrew S. Tanenbaum and Maarten Van Steen, ",[42,3570,3573],{"href":3571,"rel":3572},"http:\u002F\u002Fwww.pearsonhighered.com\u002Feducator\u002Facademic\u002Fproduct\u002F0,,0132392275,00%2ben-USS_01DBC.html",[78],[50,3574,3575],{},"Distributed Systems: Principles and Paradigms"," , 2nd ed., Prentice Hall, Upper Saddle River, NJ, 2003.",[39,3578,3579,3582,3584,3585,324],{},[42,3580],{"id":3581},"RuleAA.References-Techtalk07",[46,3583],{},"\n[Techtalk 2007] Josh Bloch and William Pugh, ",[42,3586,3589],{"href":3587,"rel":3588},"http:\u002F\u002Fdevelopers.sun.com\u002Flearning\u002Fjavaoneonline\u002F2007\u002Fpdf\u002FTS-2707.pdf",[78],"The PhantomReference Menace. Attack of the Clone. Revenge of the Shift",[39,3591,3592,3595,3597,3598,3603,3604,3609],{},[42,3593],{"id":3594},"RuleAA.References-Tomcat09",[46,3596],{},"\n[Tomcat 2009] Apache Software Foundation, ",[42,3599,3602],{"href":3600,"rel":3601},"http:\u002F\u002Ftomcat.apache.org\u002Ftomcat-6.0-doc\u002Fchangelog.html",[78],"Changelog"," and ",[42,3605,3608],{"href":3606,"rel":3607},"http:\u002F\u002Ftomcat.apache.org\u002Fsecurity-6.html",[78],"Security fixes"," , Tomcat documentation, 2009.",[39,3611,3612,3615,3617,3618,3621],{},[42,3613],{"id":3614},"RuleAA.References-Unicode2003",[46,3616],{},"\n[Unicode 2003] The Unicode Consortium, ",[50,3619,3620],{},"The Unicode Standard"," , Version 4.0.0, defined by The Unicode Standard, Version 4.0, Addison-Wesley, Reading, MA, 2003.",[39,3623,3624,3627,3629,3630,3632,3633,1505],{},[42,3625],{"id":3626},"RuleAA.References-Unicode2007",[46,3628],{},"\n[Unicode 2007] The Unicode Consortium, ",[50,3631,3620],{}," , Version 5.1.0, defined by The Unicode Standard, Version 5.0, Addison-Wesley, Reading, MA, 2007, as amended by ",[42,3634,3637],{"href":3635,"rel":3636},"http:\u002F\u002Fwww.unicode.org\u002Fversions\u002FUnicode5.1.0\u002F",[78],"Unicode 5.1.0",[39,3639,3640,3643,3645,3646,92,3648,3653],{},[42,3641],{"id":3642},"RuleAA.References-Unicode2011",[46,3644],{},"\n[Unicode 2011] The Unicode Consortium, ",[50,3647,3620],{},[42,3649,3652],{"href":3650,"rel":3651},"http:\u002F\u002Fwww.unicode.org\u002Fversions\u002FUnicode6.0.0\u002F",[78],"Version 6.0.0"," , The Unicode Consortium, Mountain View, CA, 2011.",[39,3655,3656,3659,3661,3662,3670],{},[42,3657],{"id":3658},"RuleAA.References-Unicode2012",[46,3660],{},"\n[Unicode 2012] The Unicode Consortium. ",[50,3663,3664,3665],{},"The Unicode Standard, ",[42,3666,3669],{"href":3667,"rel":3668},"http:\u002F\u002Fwww.unicode.org\u002Fversions\u002FUnicode6.2.0\u002F",[78],"Unicode 6.2.0"," , (Mountain View, CA: The Unicode Consortium, 2012. ISBN 978-1-936213-07-8)",[39,3672,3673,3676,3678,3679,3684],{},[42,3674],{"id":3675},"RuleAA.References-Urma14",[46,3677],{},"\n[Urma 2014] Raoul-Gabriel Urma, ",[42,3680,3683],{"href":3681,"rel":3682},"http:\u002F\u002Fwww.oracle.com\u002Ftechnetwork\u002Farticles\u002Fjava\u002Fjava8-optional-2175753.html",[78],"Tired of Null Pointer Exceptions? Consider Using Java SE 8's Optional!"," , Oracle, March 2014.",[39,3686,3687,3690,3692,3693,3698,3699,3704],{},[42,3688],{"id":3689},"RuleAA.References-Venners97",[46,3691],{},"\n[Venners 1997] Bill Venners, ",[42,3694,3697],{"href":3695,"rel":3696},"http:\u002F\u002Fwww.javaworld.com\u002Fjavaworld\u002Fjw-09-1997\u002Fjw-09-hood.html?page=1",[78],"Security and the Class Loader Architecture"," , Java ",[42,3700,3703],{"href":3701,"rel":3702},"http:\u002F\u002FWorld.com",[78],"World.com"," , 1997.",[39,3706,3707,3710,3712,3713,3718],{},[42,3708],{"id":3709},"RuleAA.References-Venners03",[46,3711],{},"\n[Venners 2003] Bill Venners, ",[42,3714,3717],{"href":3715,"rel":3716},"http:\u002F\u002Fwww.artima.com\u002Fintv\u002Fsolid.html",[78],"Failure and Exceptions, A Conversation with James Gosling, Part II"," , Artima.com, 2003.",[39,3720,3721,3724,3726,3727,3732],{},[42,3722],{"id":3723},"RuleAA.References-Verify",[46,3725],{},"\n[Verify] ",[42,3728,3731],{"href":3729,"rel":3730},"http:\u002F\u002Fdeveloper.android.com\u002Fguide\u002Fpractices\u002Fverifying-apps-art.html",[78],"Verifying App Behavior on the Android Runtime (ART)"," , Android.",[39,3734,3735,3738,3740,3741,3744,3745,3748],{},[42,3736],{"id":3737},"RuleAA.References-Vermeulen00",[46,3739],{},"\n[Vermeulen 2000] Allan Vermeulen, Scott W. Ambler, Greg Bumgardner, Eldon Metz, Trevor Misfeldt, Jim Shur, and Patrick Thompson. ",[50,3742,3743],{},"The Elements of Java"," ™ ",[50,3746,3747],{},"Style"," . Cambridge University Press, New York, 2000.",[39,3750,3751,3754,3756,3757,702,3762],{},[42,3752],{"id":3753},"RuleAA.References-viaForensics14",[46,3755],{},"\n[viaForensics 2014] ",[42,3758,3761],{"href":3759,"rel":3760},"https:\u002F\u002Fviaforensics.com\u002Fresources\u002Freports\u002Fbest-practices-ios-android-secure-mobile-development\u002F",[78],"Secure mobile development best practices",[42,3763,3766],{"href":3764,"rel":3765},"http:\u002F\u002Fwww.w3.org\u002FTR\u002FREC-xml\u002F#include-if-valid",[78],", viaForensics LLC., 2014.",[39,3768,3769,3772,3774,3775,3781],{},[42,3770],{"id":3771},"RuleAA.References-W3C08",[46,3773],{},"\n[W3C 2008] Tim Bray, Jean Paoli, C. M. Sperberg-McQueen, Eve Maler, and François Yergeau, ",[42,3776,3778],{"href":3764,"rel":3777},[78],[50,3779,3780],{},"Extensible Markup Language (XML) 1.0"," , 5th ed., W3C Recommendation, 2008.",[39,3783,3784,3787,3789,3790,3795],{},[42,3785],{"id":3786},"RuleAA.References-W3C13",[46,3788],{},"\n[W3C 2013] Andrei Popescu, ",[42,3791,3794],{"href":3792,"rel":3793},"http:\u002F\u002Fwww.w3.org\u002FTR\u002Fgeolocation-API\u002F",[78],"Geolocation API Specification"," , W3C Recommendation, 2013.",[39,3797,3798,3801,3803,3804,3811],{},[42,3799],{"id":3800},"RuleAA.References-Ware08",[46,3802],{},"\n[Ware 2008] Michael S. Ware, ",[42,3805,3808],{"href":3806,"rel":3807},"http:\u002F\u002Fmikeware.us\u002Fthesis\u002F",[78],[50,3809,3810],{},"Writing Secure Java Code: A Taxonomy of Heuristics and an Evaluation of Static Analysis Tools"," , Masters thesis, James Madison University, Harrisonburg, VA, 2008.",[39,3813,3814,3817,3819,3820,3825],{},[42,3815],{"id":3816},"RuleAA.References-Weber09",[46,3818],{},"\n[Weber 2009] Chris Weber, ",[42,3821,3824],{"href":3822,"rel":3823},"http:\u002F\u002Fwww.lookout.net\u002Fwp-content\u002Fuploads\u002F2009\u002F03\u002Fchris_weber_exploiting-unicode-enabled-software-v15.pdf",[78],"Exploiting Unicode-enabled Software"," , CanSecWest, March 2009.",[39,3827,3828,3831,3833,3834,1376],{},[42,3829],{"id":3830},"RuleAA.References-Wheeler03",[46,3832],{},"\n[Wheeler 2003] David A. Wheeler, ",[42,3835,3838],{"href":3836,"rel":3837},"http:\u002F\u002Fwww.dwheeler.com\u002Fsecure-programs\u002FSecure-Programs-HOWTO\u002Findex.html",[78],"Secure Programming for Linux and Unix HOWTO",[39,3840,3841,3844,3846,3847,3852],{},[42,3842],{"id":3843},"RuleAA.References-White03",[46,3845],{},"\n[White 2003] Tom White, ",[42,3848,3851],{"href":3849,"rel":3850},"http:\u002F\u002Fonjava.com\u002Fpub\u002Fa\u002Fonjava\u002F2003\u002F08\u002F20\u002Fmemoization.html",[78],"Memoization in Java Using Dynamic Proxy Classes"," , August 2003.",[39,3854,3855,3858,3860,3861,3866],{},[42,3856],{"id":3857},"RuleAA.References-Zukowski04",[46,3859],{},"\n[Zukowski 2004] John Zukowski, ",[42,3862,3865],{"href":3863,"rel":3864},"http:\u002F\u002Fjava.sun.com\u002Fdeveloper\u002FJDCTechTips\u002F2004\u002Ftt0518.html#2",[78],"Creating Custom Security Permissions"," , Java Developer Connection Tech Tips, May 18, 2004.",{"title":3868,"searchDepth":3869,"depth":3869,"links":3870},"",2,[],"\n[Abadi 1996] Martin Abadi and Roger Needham, Prudent Engineering Practice for Cryptographic Protocols, IEEE Transactions on Software Engineering , Volume 22, Issue 1, 1996, 6–15.","md",{"tags":3874},[3875,3876],"bm","rule","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-aa-references",{"title":30,"description":3871},"6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F4.rule-aa-references","s__DbPKEWi48BBzjsIWdZx-END0xGeElFhzSLlmiWoo",[3882,3886],{"title":3883,"path":3884,"stem":3885,"children":-1},"Rec. BB. Definitions","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frec-bb-definitions","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F3.rec-bb-definitions",{"title":3887,"path":3888,"stem":3889,"children":-1},"Rule BB. Glossary","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-bb-glossary","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F5.rule-bb-glossary",[3891],{"title":3892,"path":3893,"stem":3894,"children":3895},"SEI CERT Oracle Coding Standard for Java","\u002Fsei-cert-oracle-coding-standard-for-java","6.sei-cert-oracle-coding-standard-for-java\u002F1.index",[3896,3897,4037,4875,5274,5443],{"title":3892,"path":3893,"stem":3894},{"title":3898,"path":3899,"stem":3900,"children":3901},"Front Matter","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F1.index",[3902,3903,3907,3911,3915,3961,3999],{"title":3898,"path":3899,"stem":3900},{"title":3904,"path":3905,"stem":3906},"Rules versus Recommendations (Java)","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frules-versus-recommendations-java","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F2.rules-versus-recommendations-java",{"title":3908,"path":3909,"stem":3910},"Acknowledgments","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Facknowledgments","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F3.acknowledgments",{"title":3912,"path":3913,"stem":3914},"Deprecations","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Fdeprecations","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F4.deprecations",{"title":3916,"path":3917,"stem":3918,"children":3919},"Rec. Preface","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frec-preface","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F4.rec-preface\u002F01.index",[3920,3921,3925,3929,3933,3937,3941,3945,3949,3953,3957],{"title":3916,"path":3917,"stem":3918},{"title":3922,"path":3923,"stem":3924},"Scope","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frec-preface\u002Fscope","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F4.rec-preface\u002F02.scope",{"title":3926,"path":3927,"stem":3928},"Audience","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frec-preface\u002Faudience","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F4.rec-preface\u002F03.audience",{"title":3930,"path":3931,"stem":3932},"Contents and Organization","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frec-preface\u002Fcontents-and-organization","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F4.rec-preface\u002F05.contents-and-organization",{"title":3934,"path":3935,"stem":3936},"Guidelines","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frec-preface\u002Fguidelines","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F4.rec-preface\u002F06.guidelines",{"title":3938,"path":3939,"stem":3940},"Usage","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frec-preface\u002Fusage","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F4.rec-preface\u002F07.usage",{"title":3942,"path":3943,"stem":3944},"System Qualities","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frec-preface\u002Fsystem-qualities","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F4.rec-preface\u002F08.system-qualities",{"title":3946,"path":3947,"stem":3948},"Priority and Levels","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frec-preface\u002Fpriority-and-levels","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F4.rec-preface\u002F09.priority-and-levels",{"title":3950,"path":3951,"stem":3952},"Automatically Generated Code","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frec-preface\u002Fautomatically-generated-code","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F4.rec-preface\u002F10.automatically-generated-code",{"title":3954,"path":3955,"stem":3956},"Source Code Validation","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frec-preface\u002Fsource-code-validation","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F4.rec-preface\u002F11.source-code-validation",{"title":3958,"path":3959,"stem":3960},"Tool Selection and Validation","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frec-preface\u002Ftool-selection-and-validation","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F4.rec-preface\u002F12.tool-selection-and-validation",{"title":3962,"path":3963,"stem":3964,"children":3965},"Rule. Introduction","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frule-introduction","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F5.rule-introduction\u002F01.index",[3966,3967,3971,3975,3979,3983,3987,3991,3995],{"title":3962,"path":3963,"stem":3964},{"title":3968,"path":3969,"stem":3970},"Input Validation and Data Sanitization","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frule-introduction\u002Finput-validation-and-data-sanitization","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F5.rule-introduction\u002F02.input-validation-and-data-sanitization",{"title":3972,"path":3973,"stem":3974},"Leaking Sensitive Data","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frule-introduction\u002Fleaking-sensitive-data","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F5.rule-introduction\u002F03.leaking-sensitive-data",{"title":3976,"path":3977,"stem":3978},"Type Safety","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frule-introduction\u002Ftype-safety","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F5.rule-introduction\u002F04.type-safety",{"title":3980,"path":3981,"stem":3982},"Leaking Capabilities","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frule-introduction\u002Fleaking-capabilities","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F5.rule-introduction\u002F05.leaking-capabilities",{"title":3984,"path":3985,"stem":3986},"Denial of Service","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frule-introduction\u002Fdenial-of-service","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F5.rule-introduction\u002F06.denial-of-service",{"title":3988,"path":3989,"stem":3990},"Libraries","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frule-introduction\u002Flibraries","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F5.rule-introduction\u002F07.libraries",{"title":3992,"path":3993,"stem":3994},"Concurrency, Visibility, and Memory","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frule-introduction\u002Fconcurrency-visibility-and-memory","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F5.rule-introduction\u002F08.concurrency-visibility-and-memory",{"title":3996,"path":3997,"stem":3998},"Privilege Escalation","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frule-introduction\u002Fprivilege-escalation","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F5.rule-introduction\u002F09.privilege-escalation",{"title":4000,"path":4001,"stem":4002,"children":4003},"Rule. Preface","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frule-preface","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F6.rule-preface\u002F01.index",[4004,4005,4008,4011,4014,4018,4021,4024,4027,4030,4034],{"title":4000,"path":4001,"stem":4002},{"title":3922,"path":4006,"stem":4007},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frule-preface\u002Fscope","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F6.rule-preface\u002F02.scope",{"title":3926,"path":4009,"stem":4010},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frule-preface\u002Faudience","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F6.rule-preface\u002F03.audience",{"title":3930,"path":4012,"stem":4013},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frule-preface\u002Fcontents-and-organization","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F6.rule-preface\u002F04.contents-and-organization",{"title":4015,"path":4016,"stem":4017},"Identifiers","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frule-preface\u002Fidentifiers","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F6.rule-preface\u002F05.identifiers",{"title":3938,"path":4019,"stem":4020},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frule-preface\u002Fusage","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F6.rule-preface\u002F06.usage",{"title":3942,"path":4022,"stem":4023},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frule-preface\u002Fsystem-qualities","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F6.rule-preface\u002F07.system-qualities",{"title":3946,"path":4025,"stem":4026},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frule-preface\u002Fpriority-and-levels","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F6.rule-preface\u002F08.priority-and-levels",{"title":3950,"path":4028,"stem":4029},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frule-preface\u002Fautomatically-generated-code","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F6.rule-preface\u002F09.automatically-generated-code",{"title":4031,"path":4032,"stem":4033},"Conformance Testing","\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frule-preface\u002Fconformance-testing","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F6.rule-preface\u002F10.conformance-testing",{"title":3958,"path":4035,"stem":4036},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Ffront-matter\u002Frule-preface\u002Ftool-selection-and-validation","6.sei-cert-oracle-coding-standard-for-java\u002F2.front-matter\u002F6.rule-preface\u002F11.tool-selection-and-validation",{"title":4038,"path":4039,"stem":4040,"children":4041},"Rules","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F01.index",[4042,4043,4047,4073,4091,4137,4175,4249,4303,4329,4383,4445,4499,4557,4619,4669,4709,4767,4797,4823,4845],{"title":4038,"path":4039,"stem":4040},{"title":4044,"path":4045,"stem":4046},"Android (DRD)","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fandroid-drd","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F02.android-drd",{"title":4048,"path":4049,"stem":4050,"children":4051},"Characters and Strings (STR)","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fcharacters-and-strings-str","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F03.characters-and-strings-str\u002F1.index",[4052,4053,4057,4061,4065,4069],{"title":4048,"path":4049,"stem":4050},{"title":4054,"path":4055,"stem":4056},"STR00-J. Don't form strings containing partial characters from variable-width encodings","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fcharacters-and-strings-str\u002Fstr00-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F03.characters-and-strings-str\u002F2.str00-j",{"title":4058,"path":4059,"stem":4060},"STR01-J. Do not assume that a Java char fully represents a Unicode code point","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fcharacters-and-strings-str\u002Fstr01-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F03.characters-and-strings-str\u002F3.str01-j",{"title":4062,"path":4063,"stem":4064},"STR02-J. Specify an appropriate locale when comparing locale-dependent data","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fcharacters-and-strings-str\u002Fstr02-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F03.characters-and-strings-str\u002F4.str02-j",{"title":4066,"path":4067,"stem":4068},"STR03-J. Do not encode noncharacter data as a string","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fcharacters-and-strings-str\u002Fstr03-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F03.characters-and-strings-str\u002F5.str03-j",{"title":4070,"path":4071,"stem":4072},"STR04-J. Use compatible character encodings when communicating string data between JVMs","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fcharacters-and-strings-str\u002Fstr04-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F03.characters-and-strings-str\u002F6.str04-j",{"title":4074,"path":4075,"stem":4076,"children":4077},"Declarations and Initialization (DCL)","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fdeclarations-and-initialization-dcl","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F04.declarations-and-initialization-dcl\u002F1.index",[4078,4079,4083,4087],{"title":4074,"path":4075,"stem":4076},{"title":4080,"path":4081,"stem":4082},"DCL00-J. Prevent class initialization cycles","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fdeclarations-and-initialization-dcl\u002Fdcl00-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F04.declarations-and-initialization-dcl\u002F2.dcl00-j",{"title":4084,"path":4085,"stem":4086},"DCL01-J. Do not reuse public identifiers from the Java Standard Library","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fdeclarations-and-initialization-dcl\u002Fdcl01-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F04.declarations-and-initialization-dcl\u002F3.dcl01-j",{"title":4088,"path":4089,"stem":4090},"DCL02-J. Do not modify the collection's elements during an enhanced for statement","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fdeclarations-and-initialization-dcl\u002Fdcl02-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F04.declarations-and-initialization-dcl\u002F4.dcl02-j",{"title":4092,"path":4093,"stem":4094,"children":4095},"Exceptional Behavior (ERR)","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fexceptional-behavior-err","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F05.exceptional-behavior-err\u002F01.index",[4096,4097,4101,4105,4109,4113,4117,4121,4125,4129,4133],{"title":4092,"path":4093,"stem":4094},{"title":4098,"path":4099,"stem":4100},"ERR00-J. Do not suppress or ignore checked exceptions","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fexceptional-behavior-err\u002Ferr00-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F05.exceptional-behavior-err\u002F02.err00-j",{"title":4102,"path":4103,"stem":4104},"ERR01-J. Do not allow exceptions to expose sensitive information","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fexceptional-behavior-err\u002Ferr01-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F05.exceptional-behavior-err\u002F03.err01-j",{"title":4106,"path":4107,"stem":4108},"ERR02-J. Prevent exceptions while logging data","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fexceptional-behavior-err\u002Ferr02-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F05.exceptional-behavior-err\u002F04.err02-j",{"title":4110,"path":4111,"stem":4112},"ERR03-J. Restore prior object state on method failure","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fexceptional-behavior-err\u002Ferr03-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F05.exceptional-behavior-err\u002F05.err03-j",{"title":4114,"path":4115,"stem":4116},"ERR04-J. Do not complete abruptly from a finally block","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fexceptional-behavior-err\u002Ferr04-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F05.exceptional-behavior-err\u002F06.err04-j",{"title":4118,"path":4119,"stem":4120},"ERR05-J. Do not let checked exceptions escape from a finally block","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fexceptional-behavior-err\u002Ferr05-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F05.exceptional-behavior-err\u002F07.err05-j",{"title":4122,"path":4123,"stem":4124},"ERR06-J. Do not throw undeclared checked exceptions","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fexceptional-behavior-err\u002Ferr06-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F05.exceptional-behavior-err\u002F08.err06-j",{"title":4126,"path":4127,"stem":4128},"ERR07-J. Do not throw RuntimeException, Exception, or Throwable","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fexceptional-behavior-err\u002Ferr07-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F05.exceptional-behavior-err\u002F09.err07-j",{"title":4130,"path":4131,"stem":4132},"ERR08-J. Do not catch NullPointerException or any of its ancestors","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fexceptional-behavior-err\u002Ferr08-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F05.exceptional-behavior-err\u002F10.err08-j",{"title":4134,"path":4135,"stem":4136},"ERR09-J. Do not allow untrusted code to terminate the JVM","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fexceptional-behavior-err\u002Ferr09-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F05.exceptional-behavior-err\u002F11.err09-j",{"title":4138,"path":4139,"stem":4140,"children":4141},"Expressions (EXP)","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fexpressions-exp","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F06.expressions-exp\u002F1.index",[4142,4143,4147,4151,4155,4159,4163,4167,4171],{"title":4138,"path":4139,"stem":4140},{"title":4144,"path":4145,"stem":4146},"EXP00-J. Do not ignore values returned by methods","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fexpressions-exp\u002Fexp00-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F06.expressions-exp\u002F2.exp00-j",{"title":4148,"path":4149,"stem":4150},"EXP01-J. Do not use a null in a case where an object is required","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fexpressions-exp\u002Fexp01-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F06.expressions-exp\u002F3.exp01-j",{"title":4152,"path":4153,"stem":4154},"EXP02-J. Do not use the Object.equals() method to compare two arrays","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fexpressions-exp\u002Fexp02-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F06.expressions-exp\u002F4.exp02-j",{"title":4156,"path":4157,"stem":4158},"EXP03-J. Do not use the equality operators when comparing values of boxed primitives","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fexpressions-exp\u002Fexp03-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F06.expressions-exp\u002F5.exp03-j",{"title":4160,"path":4161,"stem":4162},"EXP04-J. Do not pass arguments to certain Java Collections Framework methods that are a different type than the collection parameter type","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fexpressions-exp\u002Fexp04-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F06.expressions-exp\u002F6.exp04-j",{"title":4164,"path":4165,"stem":4166},"EXP05-J. Do not follow a write by a subsequent write or read of the same object within an expression","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fexpressions-exp\u002Fexp05-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F06.expressions-exp\u002F7.exp05-j",{"title":4168,"path":4169,"stem":4170},"EXP06-J. Expressions used in assertions must not produce side effects","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fexpressions-exp\u002Fexp06-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F06.expressions-exp\u002F8.exp06-j",{"title":4172,"path":4173,"stem":4174},"EXP07-J. Prevent loss of useful data due to weak references","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fexpressions-exp\u002Fexp07-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F06.expressions-exp\u002F9.exp07-j",{"title":4176,"path":4177,"stem":4178,"children":4179},"Input Output (FIO)","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-output-fio","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F07.input-output-fio\u002F01.index",[4180,4181,4185,4189,4193,4197,4201,4205,4209,4213,4217,4221,4225,4229,4233,4237,4241,4245],{"title":4176,"path":4177,"stem":4178},{"title":4182,"path":4183,"stem":4184},"FIO00-J. Do not operate on files in shared directories","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-output-fio\u002Ffio00-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F07.input-output-fio\u002F02.fio00-j",{"title":4186,"path":4187,"stem":4188},"FIO01-J. Create files with appropriate access permissions","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-output-fio\u002Ffio01-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F07.input-output-fio\u002F03.fio01-j",{"title":4190,"path":4191,"stem":4192},"FIO02-J. Detect and handle file-related errors","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-output-fio\u002Ffio02-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F07.input-output-fio\u002F04.fio02-j",{"title":4194,"path":4195,"stem":4196},"FIO03-J. Remove temporary files before termination","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-output-fio\u002Ffio03-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F07.input-output-fio\u002F05.fio03-j",{"title":4198,"path":4199,"stem":4200},"FIO04-J. Release resources when they are no longer needed","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-output-fio\u002Ffio04-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F07.input-output-fio\u002F06.fio04-j",{"title":4202,"path":4203,"stem":4204},"FIO05-J. Do not expose buffers or their backing arrays methods to untrusted code","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-output-fio\u002Ffio05-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F07.input-output-fio\u002F07.fio05-j",{"title":4206,"path":4207,"stem":4208},"FIO06-J. Do not create multiple buffered wrappers on a single byte or character stream","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-output-fio\u002Ffio06-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F07.input-output-fio\u002F08.fio06-j",{"title":4210,"path":4211,"stem":4212},"FIO07-J. Do not let external processes block on IO buffers","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-output-fio\u002Ffio07-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F07.input-output-fio\u002F09.fio07-j",{"title":4214,"path":4215,"stem":4216},"FIO08-J. Distinguish between characters or bytes read from a stream and -1","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-output-fio\u002Ffio08-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F07.input-output-fio\u002F10.fio08-j",{"title":4218,"path":4219,"stem":4220},"FIO09-J. Do not rely on the write() method to output integers outside the range 0 to 255","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-output-fio\u002Ffio09-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F07.input-output-fio\u002F11.fio09-j",{"title":4222,"path":4223,"stem":4224},"FIO10-J. Ensure the array is filled when using read() to fill an array","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-output-fio\u002Ffio10-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F07.input-output-fio\u002F12.fio10-j",{"title":4226,"path":4227,"stem":4228},"FIO11-J. Do not convert between strings and bytes without specifying a valid character encoding","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-output-fio\u002Ffio11-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F07.input-output-fio\u002F13.fio11-j",{"title":4230,"path":4231,"stem":4232},"FIO12-J. Provide methods to read and write little-endian data","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-output-fio\u002Ffio12-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F07.input-output-fio\u002F14.fio12-j",{"title":4234,"path":4235,"stem":4236},"FIO13-J. Do not log sensitive information outside a trust boundary","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-output-fio\u002Ffio13-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F07.input-output-fio\u002F15.fio13-j",{"title":4238,"path":4239,"stem":4240},"FIO14-J. Perform proper cleanup at program termination","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-output-fio\u002Ffio14-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F07.input-output-fio\u002F16.fio14-j",{"title":4242,"path":4243,"stem":4244},"FIO15-J. Do not reset a servlet's output stream after committing it","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-output-fio\u002Ffio15-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F07.input-output-fio\u002F17.fio15-j",{"title":4246,"path":4247,"stem":4248},"FIO16-J. Canonicalize path names before validating them","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-output-fio\u002Ffio16-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F07.input-output-fio\u002F18.fio16-j",{"title":4250,"path":4251,"stem":4252,"children":4253},"Input Validation and Data Sanitization (IDS)","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-validation-and-data-sanitization-ids","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F08.input-validation-and-data-sanitization-ids\u002F01.index",[4254,4255,4259,4263,4267,4271,4275,4279,4283,4287,4291,4295,4299],{"title":4250,"path":4251,"stem":4252},{"title":4256,"path":4257,"stem":4258},"IDS00-J. Prevent SQL injection","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002Fids00-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F08.input-validation-and-data-sanitization-ids\u002F02.ids00-j",{"title":4260,"path":4261,"stem":4262},"IDS01-J. Normalize strings before validating them","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002Fids01-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F08.input-validation-and-data-sanitization-ids\u002F03.ids01-j",{"title":4264,"path":4265,"stem":4266},"IDS03-J. Do not log unsanitized user input","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002Fids03-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F08.input-validation-and-data-sanitization-ids\u002F04.ids03-j",{"title":4268,"path":4269,"stem":4270},"IDS04-J. Safely extract files from ZipInputStream","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002Fids04-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F08.input-validation-and-data-sanitization-ids\u002F05.ids04-j",{"title":4272,"path":4273,"stem":4274},"IDS06-J. Exclude unsanitized user input from format strings","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002Fids06-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F08.input-validation-and-data-sanitization-ids\u002F06.ids06-j",{"title":4276,"path":4277,"stem":4278},"IDS07-J. Sanitize untrusted data passed to the Runtime.exec() method","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002Fids07-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F08.input-validation-and-data-sanitization-ids\u002F07.ids07-j",{"title":4280,"path":4281,"stem":4282},"IDS08-J. Sanitize untrusted data included in a regular expression","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002Fids08-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F08.input-validation-and-data-sanitization-ids\u002F08.ids08-j",{"title":4284,"path":4285,"stem":4286},"IDS11-J. Perform any string modifications before validation","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002Fids11-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F08.input-validation-and-data-sanitization-ids\u002F09.ids11-j",{"title":4288,"path":4289,"stem":4290},"IDS14-J. Do not trust the contents of hidden form fields","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002Fids14-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F08.input-validation-and-data-sanitization-ids\u002F10.ids14-j",{"title":4292,"path":4293,"stem":4294},"IDS15-J. Do not allow sensitive information to leak outside a trust boundary","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002Fids15-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F08.input-validation-and-data-sanitization-ids\u002F11.ids15-j",{"title":4296,"path":4297,"stem":4298},"IDS16-J. Prevent XML Injection","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002Fids16-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F08.input-validation-and-data-sanitization-ids\u002F12.ids16-j",{"title":4300,"path":4301,"stem":4302},"IDS17-J. Prevent XML External Entity Attacks","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Finput-validation-and-data-sanitization-ids\u002Fids17-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F08.input-validation-and-data-sanitization-ids\u002F13.ids17-j",{"title":4304,"path":4305,"stem":4306,"children":4307},"Java Native Interface (JNI)","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fjava-native-interface-jni","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F09.java-native-interface-jni\u002F1.index",[4308,4309,4313,4317,4321,4325],{"title":4304,"path":4305,"stem":4306},{"title":4310,"path":4311,"stem":4312},"JNI00-J. Define wrappers around native methods","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fjava-native-interface-jni\u002Fjni00-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F09.java-native-interface-jni\u002F2.jni00-j",{"title":4314,"path":4315,"stem":4316},"JNI01-J. Safely invoke standard APIs that perform tasks using the immediate caller's class loader instance (loadLibrary)","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fjava-native-interface-jni\u002Fjni01-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F09.java-native-interface-jni\u002F3.jni01-j",{"title":4318,"path":4319,"stem":4320},"JNI02-J. Do not assume object references are constant or unique","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fjava-native-interface-jni\u002Fjni02-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F09.java-native-interface-jni\u002F4.jni02-j",{"title":4322,"path":4323,"stem":4324},"JNI03-J. Do not use direct pointers to Java objects in JNI code","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fjava-native-interface-jni\u002Fjni03-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F09.java-native-interface-jni\u002F5.jni03-j",{"title":4326,"path":4327,"stem":4328},"JNI04-J. Do not assume that Java strings are null-terminated","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fjava-native-interface-jni\u002Fjni04-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F09.java-native-interface-jni\u002F6.jni04-j",{"title":4330,"path":4331,"stem":4332,"children":4333},"Locking (LCK)","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Flocking-lck","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F10.locking-lck\u002F01.index",[4334,4335,4339,4343,4347,4351,4355,4359,4363,4367,4371,4375,4379],{"title":4330,"path":4331,"stem":4332},{"title":4336,"path":4337,"stem":4338},"LCK00-J. Use private final lock objects to synchronize classes that may interact with untrusted code","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Flocking-lck\u002Flck00-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F10.locking-lck\u002F02.lck00-j",{"title":4340,"path":4341,"stem":4342},"LCK01-J. Do not synchronize on objects that may be reused","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Flocking-lck\u002Flck01-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F10.locking-lck\u002F03.lck01-j",{"title":4344,"path":4345,"stem":4346},"LCK02-J. Do not synchronize on the class object returned by getClass()","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Flocking-lck\u002Flck02-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F10.locking-lck\u002F04.lck02-j",{"title":4348,"path":4349,"stem":4350},"LCK03-J. Do not synchronize on the intrinsic locks of high-level concurrency objects","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Flocking-lck\u002Flck03-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F10.locking-lck\u002F05.lck03-j",{"title":4352,"path":4353,"stem":4354},"LCK04-J. Do not synchronize on a collection view if the backing collection is accessible","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Flocking-lck\u002Flck04-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F10.locking-lck\u002F06.lck04-j",{"title":4356,"path":4357,"stem":4358},"LCK05-J. Synchronize access to static fields that can be modified by untrusted code","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Flocking-lck\u002Flck05-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F10.locking-lck\u002F07.lck05-j",{"title":4360,"path":4361,"stem":4362},"LCK06-J. Do not use an instance lock to protect shared static data","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Flocking-lck\u002Flck06-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F10.locking-lck\u002F08.lck06-j",{"title":4364,"path":4365,"stem":4366},"LCK07-J. Avoid deadlock by requesting and releasing locks in the same order","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Flocking-lck\u002Flck07-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F10.locking-lck\u002F09.lck07-j",{"title":4368,"path":4369,"stem":4370},"LCK08-J. Ensure actively held locks are released on exceptional conditions","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Flocking-lck\u002Flck08-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F10.locking-lck\u002F10.lck08-j",{"title":4372,"path":4373,"stem":4374},"LCK09-J. Do not perform operations that can block while holding a lock","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Flocking-lck\u002Flck09-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F10.locking-lck\u002F11.lck09-j",{"title":4376,"path":4377,"stem":4378},"LCK10-J. Use a correct form of the double-checked locking idiom","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Flocking-lck\u002Flck10-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F10.locking-lck\u002F12.lck10-j",{"title":4380,"path":4381,"stem":4382},"LCK11-J. Avoid client-side locking when using classes that do not commit to their locking strategy","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Flocking-lck\u002Flck11-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F10.locking-lck\u002F13.lck11-j",{"title":4384,"path":4385,"stem":4386,"children":4387},"Methods (MET)","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmethods-met","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F11.methods-met\u002F01.index",[4388,4389,4393,4397,4401,4405,4409,4413,4417,4421,4425,4429,4433,4437,4441],{"title":4384,"path":4385,"stem":4386},{"title":4390,"path":4391,"stem":4392},"MET00-J. Validate method arguments","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmethods-met\u002Fmet00-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F11.methods-met\u002F02.met00-j",{"title":4394,"path":4395,"stem":4396},"MET01-J. Never use assertions to validate method arguments","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmethods-met\u002Fmet01-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F11.methods-met\u002F03.met01-j",{"title":4398,"path":4399,"stem":4400},"MET02-J. Do not use deprecated or obsolete classes or methods","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmethods-met\u002Fmet02-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F11.methods-met\u002F04.met02-j",{"title":4402,"path":4403,"stem":4404},"MET03-J. Methods that perform a security check must be declared private or final","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmethods-met\u002Fmet03-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F11.methods-met\u002F05.met03-j",{"title":4406,"path":4407,"stem":4408},"MET04-J. Do not increase the accessibility of overridden or hidden methods","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmethods-met\u002Fmet04-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F11.methods-met\u002F06.met04-j",{"title":4410,"path":4411,"stem":4412},"MET05-J. Ensure that constructors do not call overridable methods","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmethods-met\u002Fmet05-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F11.methods-met\u002F07.met05-j",{"title":4414,"path":4415,"stem":4416},"MET06-J. Do not invoke overridable methods in clone()","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmethods-met\u002Fmet06-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F11.methods-met\u002F08.met06-j",{"title":4418,"path":4419,"stem":4420},"MET07-J. Never declare a class method that hides a method declared in a superclass or superinterface","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmethods-met\u002Fmet07-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F11.methods-met\u002F09.met07-j",{"title":4422,"path":4423,"stem":4424},"MET08-J. Preserve the equality contract when overriding the equals() method","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmethods-met\u002Fmet08-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F11.methods-met\u002F10.met08-j",{"title":4426,"path":4427,"stem":4428},"MET09-J. Classes that define an equals() method must also define a hashCode() method","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmethods-met\u002Fmet09-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F11.methods-met\u002F11.met09-j",{"title":4430,"path":4431,"stem":4432},"MET10-J. Follow the general contract when implementing the compareTo() method","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmethods-met\u002Fmet10-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F11.methods-met\u002F12.met10-j",{"title":4434,"path":4435,"stem":4436},"MET11-J. Ensure that keys used in comparison operations are immutable","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmethods-met\u002Fmet11-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F11.methods-met\u002F13.met11-j",{"title":4438,"path":4439,"stem":4440},"MET12-J. Do not use finalizers","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmethods-met\u002Fmet12-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F11.methods-met\u002F14.met12-j",{"title":4442,"path":4443,"stem":4444},"MET13-J. Do not assume that reassigning method arguments modifies the calling environment","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmethods-met\u002Fmet13-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F11.methods-met\u002F15.met13-j",{"title":4446,"path":4447,"stem":4448,"children":4449},"Miscellaneous (MSC)","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmiscellaneous-msc","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F12.miscellaneous-msc\u002F01.index",[4450,4451,4455,4459,4463,4467,4471,4475,4479,4483,4487,4491,4495],{"title":4446,"path":4447,"stem":4448},{"title":4452,"path":4453,"stem":4454},"MSC00-J. Use SSLSocket rather than Socket for secure data exchange","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmiscellaneous-msc\u002Fmsc00-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F12.miscellaneous-msc\u002F02.msc00-j",{"title":4456,"path":4457,"stem":4458},"MSC01-J. Do not use an empty infinite loop","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmiscellaneous-msc\u002Fmsc01-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F12.miscellaneous-msc\u002F03.msc01-j",{"title":4460,"path":4461,"stem":4462},"MSC02-J. Generate strong random numbers","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmiscellaneous-msc\u002Fmsc02-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F12.miscellaneous-msc\u002F04.msc02-j",{"title":4464,"path":4465,"stem":4466},"MSC03-J. Never hard code sensitive information","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmiscellaneous-msc\u002Fmsc03-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F12.miscellaneous-msc\u002F05.msc03-j",{"title":4468,"path":4469,"stem":4470},"MSC04-J. Do not leak memory","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmiscellaneous-msc\u002Fmsc04-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F12.miscellaneous-msc\u002F06.msc04-j",{"title":4472,"path":4473,"stem":4474},"MSC05-J. Do not exhaust heap space","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmiscellaneous-msc\u002Fmsc05-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F12.miscellaneous-msc\u002F07.msc05-j",{"title":4476,"path":4477,"stem":4478},"MSC06-J. Do not modify the underlying collection when an iteration is in progress","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmiscellaneous-msc\u002Fmsc06-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F12.miscellaneous-msc\u002F08.msc06-j",{"title":4480,"path":4481,"stem":4482},"MSC07-J. Prevent multiple instantiations of singleton objects","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmiscellaneous-msc\u002Fmsc07-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F12.miscellaneous-msc\u002F09.msc07-j",{"title":4484,"path":4485,"stem":4486},"MSC08-J. Do not store nonserializable objects as attributes in an HTTP session","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmiscellaneous-msc\u002Fmsc08-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F12.miscellaneous-msc\u002F10.msc08-j",{"title":4488,"path":4489,"stem":4490},"MSC09-J. For OAuth, ensure (a) [relying party receiving user's ID in last step] is same as (b) [relying party the access token was granted to].","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmiscellaneous-msc\u002Fmsc09-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F12.miscellaneous-msc\u002F11.msc09-j",{"title":4492,"path":4493,"stem":4494},"MSC10-J. Do not use OAuth 2.0 implicit grant (unmodified) for authentication","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmiscellaneous-msc\u002Fmsc10-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F12.miscellaneous-msc\u002F12.msc10-j",{"title":4496,"path":4497,"stem":4498},"MSC11-J. Do not let session information leak within a servlet","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fmiscellaneous-msc\u002Fmsc11-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F12.miscellaneous-msc\u002F13.msc11-j",{"title":4500,"path":4501,"stem":4502,"children":4503},"Numeric Types and Operations (NUM)","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fnumeric-types-and-operations-num","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F13.numeric-types-and-operations-num\u002F01.index",[4504,4505,4509,4513,4517,4521,4525,4529,4533,4537,4541,4545,4549,4553],{"title":4500,"path":4501,"stem":4502},{"title":4506,"path":4507,"stem":4508},"NUM00-J. Detect or prevent integer overflow","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fnumeric-types-and-operations-num\u002Fnum00-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F13.numeric-types-and-operations-num\u002F02.num00-j",{"title":4510,"path":4511,"stem":4512},"NUM01-J. Do not perform bitwise and arithmetic operations on the same data","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fnumeric-types-and-operations-num\u002Fnum01-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F13.numeric-types-and-operations-num\u002F03.num01-j",{"title":4514,"path":4515,"stem":4516},"NUM02-J. Ensure that division and remainder operations do not result in divide-by-zero errors","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fnumeric-types-and-operations-num\u002Fnum02-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F13.numeric-types-and-operations-num\u002F04.num02-j",{"title":4518,"path":4519,"stem":4520},"NUM03-J. Use integer types that can fully represent the possible range of unsigned data","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fnumeric-types-and-operations-num\u002Fnum03-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F13.numeric-types-and-operations-num\u002F05.num03-j",{"title":4522,"path":4523,"stem":4524},"NUM04-J. Do not use floating-point numbers if precise computation is required","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fnumeric-types-and-operations-num\u002Fnum04-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F13.numeric-types-and-operations-num\u002F06.num04-j",{"title":4526,"path":4527,"stem":4528},"NUM07-J. Do not attempt comparisons with NaN","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fnumeric-types-and-operations-num\u002Fnum07-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F13.numeric-types-and-operations-num\u002F07.num07-j",{"title":4530,"path":4531,"stem":4532},"NUM08-J. Check floating-point inputs for exceptional values","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fnumeric-types-and-operations-num\u002Fnum08-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F13.numeric-types-and-operations-num\u002F08.num08-j",{"title":4534,"path":4535,"stem":4536},"NUM09-J. Do not use floating-point variables as loop counters","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fnumeric-types-and-operations-num\u002Fnum09-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F13.numeric-types-and-operations-num\u002F09.num09-j",{"title":4538,"path":4539,"stem":4540},"NUM10-J. Do not construct BigDecimal objects from floating-point literals","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fnumeric-types-and-operations-num\u002Fnum10-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F13.numeric-types-and-operations-num\u002F10.num10-j",{"title":4542,"path":4543,"stem":4544},"NUM11-J. Do not compare or inspect the string representation of floating-point values","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fnumeric-types-and-operations-num\u002Fnum11-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F13.numeric-types-and-operations-num\u002F11.num11-j",{"title":4546,"path":4547,"stem":4548},"NUM12-J. Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fnumeric-types-and-operations-num\u002Fnum12-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F13.numeric-types-and-operations-num\u002F12.num12-j",{"title":4550,"path":4551,"stem":4552},"NUM13-J. Avoid loss of precision when converting primitive integers to floating-point","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fnumeric-types-and-operations-num\u002Fnum13-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F13.numeric-types-and-operations-num\u002F13.num13-j",{"title":4554,"path":4555,"stem":4556},"NUM14-J. Use shift operators correctly","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fnumeric-types-and-operations-num\u002Fnum14-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F13.numeric-types-and-operations-num\u002F14.num14-j",{"title":4558,"path":4559,"stem":4560,"children":4561},"Object Orientation (OBJ)","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fobject-orientation-obj","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F14.object-orientation-obj\u002F01.index",[4562,4563,4567,4571,4575,4579,4583,4587,4591,4595,4599,4603,4607,4611,4615],{"title":4558,"path":4559,"stem":4560},{"title":4564,"path":4565,"stem":4566},"OBJ01-J. Limit accessibility of fields","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fobject-orientation-obj\u002Fobj01-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F14.object-orientation-obj\u002F02.obj01-j",{"title":4568,"path":4569,"stem":4570},"OBJ02-J. Preserve dependencies in subclasses when changing superclasses","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fobject-orientation-obj\u002Fobj02-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F14.object-orientation-obj\u002F03.obj02-j",{"title":4572,"path":4573,"stem":4574},"OBJ03-J. Prevent heap pollution","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fobject-orientation-obj\u002Fobj03-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F14.object-orientation-obj\u002F04.obj03-j",{"title":4576,"path":4577,"stem":4578},"OBJ04-J. Provide mutable classes with copy functionality to safely allow passing instances to untrusted code","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fobject-orientation-obj\u002Fobj04-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F14.object-orientation-obj\u002F05.obj04-j",{"title":4580,"path":4581,"stem":4582},"OBJ05-J. Do not return references to private mutable class members","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fobject-orientation-obj\u002Fobj05-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F14.object-orientation-obj\u002F06.obj05-j",{"title":4584,"path":4585,"stem":4586},"OBJ06-J. Defensively copy mutable inputs and mutable internal components","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fobject-orientation-obj\u002Fobj06-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F14.object-orientation-obj\u002F07.obj06-j",{"title":4588,"path":4589,"stem":4590},"OBJ07-J. Sensitive classes must not let themselves be copied","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fobject-orientation-obj\u002Fobj07-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F14.object-orientation-obj\u002F08.obj07-j",{"title":4592,"path":4593,"stem":4594},"OBJ08-J. Do not expose private members of an outer class from within a nested class","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fobject-orientation-obj\u002Fobj08-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F14.object-orientation-obj\u002F09.obj08-j",{"title":4596,"path":4597,"stem":4598},"OBJ09-J. Compare classes and not class names","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fobject-orientation-obj\u002Fobj09-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F14.object-orientation-obj\u002F10.obj09-j",{"title":4600,"path":4601,"stem":4602},"OBJ10-J. Do not use public static nonfinal fields","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fobject-orientation-obj\u002Fobj10-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F14.object-orientation-obj\u002F11.obj10-j",{"title":4604,"path":4605,"stem":4606},"OBJ11-J. Be wary of letting constructors throw exceptions","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fobject-orientation-obj\u002Fobj11-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F14.object-orientation-obj\u002F12.obj11-j",{"title":4608,"path":4609,"stem":4610},"OBJ12-J. Respect object-based annotations","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fobject-orientation-obj\u002Fobj12-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F14.object-orientation-obj\u002F13.obj12-j",{"title":4612,"path":4613,"stem":4614},"OBJ13-J. Ensure that references to mutable objects are not exposed","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fobject-orientation-obj\u002Fobj13-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F14.object-orientation-obj\u002F14.obj13-j",{"title":4616,"path":4617,"stem":4618},"OBJ14-J. Do not use an object that has been freed.","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fobject-orientation-obj\u002Fobj14-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F14.object-orientation-obj\u002F15.obj14-j",{"title":4620,"path":4621,"stem":4622,"children":4623},"Platform Security (SEC)","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fplatform-security-sec","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F15.platform-security-sec\u002F01.index",[4624,4625,4629,4633,4637,4641,4645,4649,4653,4657,4661,4665],{"title":4620,"path":4621,"stem":4622},{"title":4626,"path":4627,"stem":4628},"SEC00-J. Do not allow privileged blocks to leak sensitive information across a trust boundary","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fplatform-security-sec\u002Fsec00-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F15.platform-security-sec\u002F02.sec00-j",{"title":4630,"path":4631,"stem":4632},"SEC01-J. Do not allow tainted variables in privileged blocks","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fplatform-security-sec\u002Fsec01-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F15.platform-security-sec\u002F03.sec01-j",{"title":4634,"path":4635,"stem":4636},"SEC02-J. Do not base security checks on untrusted sources","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fplatform-security-sec\u002Fsec02-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F15.platform-security-sec\u002F04.sec02-j",{"title":4638,"path":4639,"stem":4640},"SEC03-J. Do not load trusted classes after allowing untrusted code to load arbitrary classes","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fplatform-security-sec\u002Fsec03-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F15.platform-security-sec\u002F05.sec03-j",{"title":4642,"path":4643,"stem":4644},"SEC04-J. Protect sensitive operations with security manager checks","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fplatform-security-sec\u002Fsec04-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F15.platform-security-sec\u002F06.sec04-j",{"title":4646,"path":4647,"stem":4648},"SEC05-J. Do not use reflection to increase accessibility of classes, methods, or fields","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fplatform-security-sec\u002Fsec05-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F15.platform-security-sec\u002F07.sec05-j",{"title":4650,"path":4651,"stem":4652},"SEC06-J. Do not rely on the default automatic signature verification provided by URLClassLoader and java.util.jar","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fplatform-security-sec\u002Fsec06-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F15.platform-security-sec\u002F08.sec06-j",{"title":4654,"path":4655,"stem":4656},"SEC07-J. Call the superclass's getPermissions() method when writing a custom class loader","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fplatform-security-sec\u002Fsec07-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F15.platform-security-sec\u002F09.sec07-j",{"title":4658,"path":4659,"stem":4660},"SEC08-J Trusted code must discard or clean any arguments provided by untrusted code","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fplatform-security-sec\u002Fsec08-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F15.platform-security-sec\u002F10.sec08-j",{"title":4662,"path":4663,"stem":4664},"SEC09-J Never leak the results of certain standard API methods from trusted code to untrusted code","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fplatform-security-sec\u002Fsec09-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F15.platform-security-sec\u002F11.sec09-j",{"title":4666,"path":4667,"stem":4668},"SEC10-J Never permit untrusted code to invoke any API that may (possibly transitively) invoke the reflection APIs","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fplatform-security-sec\u002Fsec10-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F15.platform-security-sec\u002F12.sec10-j",{"title":4670,"path":4671,"stem":4672,"children":4673},"Runtime Environment (ENV)","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fruntime-environment-env","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F16.runtime-environment-env\u002F1.index",[4674,4675,4679,4683,4687,4697,4701,4705],{"title":4670,"path":4671,"stem":4672},{"title":4676,"path":4677,"stem":4678},"ENV00-J. Do not sign code that performs only unprivileged operations","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fruntime-environment-env\u002Fenv00-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F16.runtime-environment-env\u002F2.env00-j",{"title":4680,"path":4681,"stem":4682},"ENV01-J. Place all security-sensitive code in a single JAR and sign and seal it","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fruntime-environment-env\u002Fenv01-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F16.runtime-environment-env\u002F3.env01-j",{"title":4684,"path":4685,"stem":4686},"ENV02-J. Do not trust the values of environment variables","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fruntime-environment-env\u002Fenv02-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F16.runtime-environment-env\u002F4.env02-j",{"title":4688,"path":4689,"stem":4690,"children":4691},"ENV03-J. Do not grant dangerous combinations of permissions","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fruntime-environment-env\u002Fenv03-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F16.runtime-environment-env\u002F5.env03-j\u002F1.index",[4692,4693],{"title":4688,"path":4689,"stem":4690},{"title":4694,"path":4695,"stem":4696},"DUMMY ENV03-J","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fruntime-environment-env\u002Fenv03-j\u002Fdummy-env03-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F16.runtime-environment-env\u002F5.env03-j\u002F2.dummy-env03-j",{"title":4698,"path":4699,"stem":4700},"ENV04-J. Do not disable bytecode verification","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fruntime-environment-env\u002Fenv04-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F16.runtime-environment-env\u002F6.env04-j",{"title":4702,"path":4703,"stem":4704},"ENV05-J. Do not deploy an application that can be remotely monitored","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fruntime-environment-env\u002Fenv05-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F16.runtime-environment-env\u002F7.env05-j",{"title":4706,"path":4707,"stem":4708},"ENV06-J. Production code must not contain debugging entry points","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fruntime-environment-env\u002Fenv06-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F16.runtime-environment-env\u002F8.env06-j",{"title":4710,"path":4711,"stem":4712,"children":4713},"Serialization (SER)","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fserialization-ser","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F17.serialization-ser\u002F01.index",[4714,4715,4719,4723,4727,4731,4735,4739,4743,4747,4751,4755,4759,4763],{"title":4710,"path":4711,"stem":4712},{"title":4716,"path":4717,"stem":4718},"SER00-J. Enable serialization compatibility during class evolution","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fserialization-ser\u002Fser00-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F17.serialization-ser\u002F02.ser00-j",{"title":4720,"path":4721,"stem":4722},"SER01-J. Do not deviate from the proper signatures of serialization methods","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fserialization-ser\u002Fser01-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F17.serialization-ser\u002F03.ser01-j",{"title":4724,"path":4725,"stem":4726},"SER02-J. Sign then seal objects before sending them outside a trust boundary","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fserialization-ser\u002Fser02-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F17.serialization-ser\u002F04.ser02-j",{"title":4728,"path":4729,"stem":4730},"SER03-J. Do not serialize unencrypted sensitive data","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fserialization-ser\u002Fser03-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F17.serialization-ser\u002F05.ser03-j",{"title":4732,"path":4733,"stem":4734},"SER04-J. Do not allow serialization and deserialization to bypass the security manager","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fserialization-ser\u002Fser04-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F17.serialization-ser\u002F06.ser04-j",{"title":4736,"path":4737,"stem":4738},"SER05-J. Do not serialize instances of inner classes","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fserialization-ser\u002Fser05-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F17.serialization-ser\u002F07.ser05-j",{"title":4740,"path":4741,"stem":4742},"SER06-J. Make defensive copies of private mutable components during deserialization","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fserialization-ser\u002Fser06-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F17.serialization-ser\u002F08.ser06-j",{"title":4744,"path":4745,"stem":4746},"SER07-J. Do not use the default serialized form for classes with implementation-defined invariants","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fserialization-ser\u002Fser07-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F17.serialization-ser\u002F09.ser07-j",{"title":4748,"path":4749,"stem":4750},"SER08-J. Minimize privileges before deserializing from a privileged context","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fserialization-ser\u002Fser08-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F17.serialization-ser\u002F10.ser08-j",{"title":4752,"path":4753,"stem":4754},"SER09-J. Do not invoke overridable methods from the readObject() method","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fserialization-ser\u002Fser09-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F17.serialization-ser\u002F11.ser09-j",{"title":4756,"path":4757,"stem":4758},"SER10-J. Avoid memory and resource leaks during serialization","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fserialization-ser\u002Fser10-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F17.serialization-ser\u002F12.ser10-j",{"title":4760,"path":4761,"stem":4762},"SER11-J. Prevent overwriting of externalizable objects","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fserialization-ser\u002Fser11-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F17.serialization-ser\u002F13.ser11-j",{"title":4764,"path":4765,"stem":4766},"SER12-J. Prevent deserialization of untrusted data","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fserialization-ser\u002Fser12-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F17.serialization-ser\u002F14.ser12-j",{"title":4768,"path":4769,"stem":4770,"children":4771},"Thread APIs (THI)","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fthread-apis-thi","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F18.thread-apis-thi\u002F1.index",[4772,4773,4777,4781,4785,4789,4793],{"title":4768,"path":4769,"stem":4770},{"title":4774,"path":4775,"stem":4776},"THI00-J. Do not invoke Thread.run()","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fthread-apis-thi\u002Fthi00-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F18.thread-apis-thi\u002F2.thi00-j",{"title":4778,"path":4779,"stem":4780},"THI01-J. Do not invoke ThreadGroup methods","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fthread-apis-thi\u002Fthi01-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F18.thread-apis-thi\u002F3.thi01-j",{"title":4782,"path":4783,"stem":4784},"THI02-J. Notify all waiting threads rather than a single thread","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fthread-apis-thi\u002Fthi02-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F18.thread-apis-thi\u002F4.thi02-j",{"title":4786,"path":4787,"stem":4788},"THI03-J. Always invoke wait() and await() methods inside a loop","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fthread-apis-thi\u002Fthi03-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F18.thread-apis-thi\u002F5.thi03-j",{"title":4790,"path":4791,"stem":4792},"THI04-J. Ensure that threads performing blocking operations can be terminated","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fthread-apis-thi\u002Fthi04-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F18.thread-apis-thi\u002F6.thi04-j",{"title":4794,"path":4795,"stem":4796},"THI05-J. Do not use Thread.stop() to terminate threads","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fthread-apis-thi\u002Fthi05-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F18.thread-apis-thi\u002F7.thi05-j",{"title":4798,"path":4799,"stem":4800,"children":4801},"Thread Pools (TPS)","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fthread-pools-tps","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F19.thread-pools-tps\u002F1.index",[4802,4803,4807,4811,4815,4819],{"title":4798,"path":4799,"stem":4800},{"title":4804,"path":4805,"stem":4806},"TPS00-J. Use thread pools to enable graceful degradation of service during traffic bursts","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fthread-pools-tps\u002Ftps00-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F19.thread-pools-tps\u002F2.tps00-j",{"title":4808,"path":4809,"stem":4810},"TPS01-J. Do not execute interdependent tasks in a bounded thread pool","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fthread-pools-tps\u002Ftps01-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F19.thread-pools-tps\u002F3.tps01-j",{"title":4812,"path":4813,"stem":4814},"TPS02-J. Ensure that tasks submitted to a thread pool are interruptible","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fthread-pools-tps\u002Ftps02-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F19.thread-pools-tps\u002F4.tps02-j",{"title":4816,"path":4817,"stem":4818},"TPS03-J. Ensure that tasks executing in a thread pool do not fail silently","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fthread-pools-tps\u002Ftps03-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F19.thread-pools-tps\u002F5.tps03-j",{"title":4820,"path":4821,"stem":4822},"TPS04-J. Ensure ThreadLocal variables are reinitialized when using thread pools","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fthread-pools-tps\u002Ftps04-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F19.thread-pools-tps\u002F6.tps04-j",{"title":4824,"path":4825,"stem":4826,"children":4827},"Thread-Safety Miscellaneous (TSM)","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fthread-safety-miscellaneous-tsm","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F20.thread-safety-miscellaneous-tsm\u002F1.index",[4828,4829,4833,4837,4841],{"title":4824,"path":4825,"stem":4826},{"title":4830,"path":4831,"stem":4832},"TSM00-J. Do not override thread-safe methods with methods that are not thread-safe","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fthread-safety-miscellaneous-tsm\u002Ftsm00-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F20.thread-safety-miscellaneous-tsm\u002F2.tsm00-j",{"title":4834,"path":4835,"stem":4836},"TSM01-J. Do not let the this reference escape during object construction","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fthread-safety-miscellaneous-tsm\u002Ftsm01-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F20.thread-safety-miscellaneous-tsm\u002F3.tsm01-j",{"title":4838,"path":4839,"stem":4840},"TSM02-J. Do not use background threads during class initialization","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fthread-safety-miscellaneous-tsm\u002Ftsm02-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F20.thread-safety-miscellaneous-tsm\u002F4.tsm02-j",{"title":4842,"path":4843,"stem":4844},"TSM03-J. Do not publish partially initialized objects","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fthread-safety-miscellaneous-tsm\u002Ftsm03-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F20.thread-safety-miscellaneous-tsm\u002F5.tsm03-j",{"title":4846,"path":4847,"stem":4848,"children":4849},"Visibility and Atomicity (VNA)","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fvisibility-and-atomicity-vna","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F21.visibility-and-atomicity-vna\u002F1.index",[4850,4851,4855,4859,4863,4867,4871],{"title":4846,"path":4847,"stem":4848},{"title":4852,"path":4853,"stem":4854},"VNA00-J. Ensure visibility when accessing shared primitive variables","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fvisibility-and-atomicity-vna\u002Fvna00-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F21.visibility-and-atomicity-vna\u002F2.vna00-j",{"title":4856,"path":4857,"stem":4858},"VNA01-J. Ensure visibility of shared references to immutable objects","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fvisibility-and-atomicity-vna\u002Fvna01-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F21.visibility-and-atomicity-vna\u002F3.vna01-j",{"title":4860,"path":4861,"stem":4862},"VNA02-J. Ensure that compound operations on shared variables are atomic","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fvisibility-and-atomicity-vna\u002Fvna02-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F21.visibility-and-atomicity-vna\u002F4.vna02-j",{"title":4864,"path":4865,"stem":4866},"VNA03-J. Do not assume that a group of calls to independently atomic methods is atomic","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fvisibility-and-atomicity-vna\u002Fvna03-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F21.visibility-and-atomicity-vna\u002F5.vna03-j",{"title":4868,"path":4869,"stem":4870},"VNA04-J. Ensure that calls to chained methods are atomic","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fvisibility-and-atomicity-vna\u002Fvna04-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F21.visibility-and-atomicity-vna\u002F6.vna04-j",{"title":4872,"path":4873,"stem":4874},"VNA05-J. Ensure atomicity when reading and writing 64-bit values","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frules\u002Fvisibility-and-atomicity-vna\u002Fvna05-j","6.sei-cert-oracle-coding-standard-for-java\u002F3.rules\u002F21.visibility-and-atomicity-vna\u002F7.vna05-j",{"title":4876,"path":4877,"stem":4878,"children":4879},"Recommendations","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F01.index",[4880,4881,4894,4912,4965,4990,5019,5040,5073,5106,5167,5192,5233],{"title":4876,"path":4877,"stem":4878},{"title":4048,"path":4882,"stem":4883,"children":4884},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fcharacters-and-strings-str","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F02.characters-and-strings-str\u002F1.index",[4885,4886,4890],{"title":4048,"path":4882,"stem":4883},{"title":4887,"path":4888,"stem":4889},"STR50-J. Use the appropriate method for counting characters in a string","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fcharacters-and-strings-str\u002Fstr50-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F02.characters-and-strings-str\u002F2.str50-j",{"title":4891,"path":4892,"stem":4893},"STR51-J. Use the charset encoder and decoder classes when more control over the encoding process is required","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fcharacters-and-strings-str\u002Fstr51-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F02.characters-and-strings-str\u002F3.str51-j",{"title":4895,"path":4896,"stem":4897,"children":4898},"Concurrency (CON)","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fconcurrency-con","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F03.concurrency-con\u002F1.index",[4899,4900,4904,4908],{"title":4895,"path":4896,"stem":4897},{"title":4901,"path":4902,"stem":4903},"CON50-J. Do not assume that declaring a reference volatile guarantees safe publication of the members of the referenced object","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fconcurrency-con\u002Fcon50-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F03.concurrency-con\u002F2.con50-j",{"title":4905,"path":4906,"stem":4907},"CON51-J. Do not assume that the sleep(), yield(), or getState() methods provide synchronization semantics","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fconcurrency-con\u002Fcon51-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F03.concurrency-con\u002F3.con51-j",{"title":4909,"path":4910,"stem":4911},"CON52-J. Document thread-safety and use annotations where applicable","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fconcurrency-con\u002Fcon52-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F03.concurrency-con\u002F4.con52-j",{"title":4074,"path":4913,"stem":4914,"children":4915},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fdeclarations-and-initialization-dcl","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F04.declarations-and-initialization-dcl\u002F01.index",[4916,4917,4921,4925,4929,4933,4937,4941,4945,4949,4953,4957,4961],{"title":4074,"path":4913,"stem":4914},{"title":4918,"path":4919,"stem":4920},"DCL50-J. Use visually distinct identifiers","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl50-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F04.declarations-and-initialization-dcl\u002F02.dcl50-j",{"title":4922,"path":4923,"stem":4924},"DCL51-J. Do not shadow or obscure identifiers in subscopes","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl51-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F04.declarations-and-initialization-dcl\u002F03.dcl51-j",{"title":4926,"path":4927,"stem":4928},"DCL52-J. Do not declare more than one variable per declaration","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl52-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F04.declarations-and-initialization-dcl\u002F04.dcl52-j",{"title":4930,"path":4931,"stem":4932},"DCL53-J. Minimize the scope of variables","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl53-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F04.declarations-and-initialization-dcl\u002F05.dcl53-j",{"title":4934,"path":4935,"stem":4936},"DCL54-J. Use meaningful symbolic constants to represent literal values in program logic","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl54-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F04.declarations-and-initialization-dcl\u002F06.dcl54-j",{"title":4938,"path":4939,"stem":4940},"DCL55-J. Properly encode relationships in constant definitions","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl55-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F04.declarations-and-initialization-dcl\u002F07.dcl55-j",{"title":4942,"path":4943,"stem":4944},"DCL56-J. Do not attach significance to the ordinal associated with an enum","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl56-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F04.declarations-and-initialization-dcl\u002F08.dcl56-j",{"title":4946,"path":4947,"stem":4948},"DCL57-J. Avoid ambiguous overloading of variable arity methods","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl57-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F04.declarations-and-initialization-dcl\u002F09.dcl57-j",{"title":4950,"path":4951,"stem":4952},"DCL58-J. Enable compile-time type checking of variable arity parameter types","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl58-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F04.declarations-and-initialization-dcl\u002F10.dcl58-j",{"title":4954,"path":4955,"stem":4956},"DCL59-J. Do not apply public final to constants whose value might change in later releases","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl59-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F04.declarations-and-initialization-dcl\u002F11.dcl59-j",{"title":4958,"path":4959,"stem":4960},"DCL60-J. Avoid cyclic dependencies between packages","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl60-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F04.declarations-and-initialization-dcl\u002F12.dcl60-j",{"title":4962,"path":4963,"stem":4964},"DCL61-J. Do not use raw types","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fdeclarations-and-initialization-dcl\u002Fdcl61-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F04.declarations-and-initialization-dcl\u002F13.dcl61-j",{"title":4092,"path":4966,"stem":4967,"children":4968},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fexceptional-behavior-err","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F05.exceptional-behavior-err\u002F1.index",[4969,4970,4974,4978,4982,4986],{"title":4092,"path":4966,"stem":4967},{"title":4971,"path":4972,"stem":4973},"ERR50-J. Use exceptions only for exceptional conditions","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fexceptional-behavior-err\u002Ferr50-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F05.exceptional-behavior-err\u002F2.err50-j",{"title":4975,"path":4976,"stem":4977},"ERR51-J. Prefer user-defined exceptions over more general exception types","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fexceptional-behavior-err\u002Ferr51-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F05.exceptional-behavior-err\u002F3.err51-j",{"title":4979,"path":4980,"stem":4981},"ERR52-J. Avoid in-band error indicators","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fexceptional-behavior-err\u002Ferr52-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F05.exceptional-behavior-err\u002F4.err52-j",{"title":4983,"path":4984,"stem":4985},"ERR53-J. Try to gracefully recover from system errors","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fexceptional-behavior-err\u002Ferr53-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F05.exceptional-behavior-err\u002F5.err53-j",{"title":4987,"path":4988,"stem":4989},"ERR54-J. Use a try-with-resources statement to safely handle closeable resources","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fexceptional-behavior-err\u002Ferr54-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F05.exceptional-behavior-err\u002F6.err54-j",{"title":4138,"path":4991,"stem":4992,"children":4993},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fexpressions-exp","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F06.expressions-exp\u002F1.index",[4994,4995,4999,5003,5007,5011,5015],{"title":4138,"path":4991,"stem":4992},{"title":4996,"path":4997,"stem":4998},"EXP50-J. Do not confuse abstract object equality with reference equality","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fexpressions-exp\u002Fexp50-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F06.expressions-exp\u002F2.exp50-j",{"title":5000,"path":5001,"stem":5002},"EXP51-J. Do not perform assignments in conditional expressions","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fexpressions-exp\u002Fexp51-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F06.expressions-exp\u002F3.exp51-j",{"title":5004,"path":5005,"stem":5006},"EXP52-J. Use braces for the body of an if, for, or while statement","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fexpressions-exp\u002Fexp52-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F06.expressions-exp\u002F4.exp52-j",{"title":5008,"path":5009,"stem":5010},"EXP53-J. Use parentheses for precedence of operation","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fexpressions-exp\u002Fexp53-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F06.expressions-exp\u002F5.exp53-j",{"title":5012,"path":5013,"stem":5014},"EXP54-J. Understand the differences between bitwise and logical operators","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fexpressions-exp\u002Fexp54-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F06.expressions-exp\u002F6.exp54-j",{"title":5016,"path":5017,"stem":5018},"EXP55-J. Use the same type for the second and third operands in conditional expressions","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fexpressions-exp\u002Fexp55-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F06.expressions-exp\u002F7.exp55-j",{"title":4176,"path":5020,"stem":5021,"children":5022},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Finput-output-fio","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F07.input-output-fio\u002F1.index",[5023,5024,5028,5032,5036],{"title":4176,"path":5020,"stem":5021},{"title":5025,"path":5026,"stem":5027},"FIO50-J. Do not make assumptions about file creation","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Finput-output-fio\u002Ffio50-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F07.input-output-fio\u002F2.fio50-j",{"title":5029,"path":5030,"stem":5031},"FIO51-J. Identify files using multiple file attributes","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Finput-output-fio\u002Ffio51-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F07.input-output-fio\u002F3.fio51-j",{"title":5033,"path":5034,"stem":5035},"FIO52-J. Do not store unencrypted sensitive information on the client side","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Finput-output-fio\u002Ffio52-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F07.input-output-fio\u002F4.fio52-j",{"title":5037,"path":5038,"stem":5039},"FIO53-J. Use the serialization methods writeUnshared() and readUnshared() with care","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Finput-output-fio\u002Ffio53-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F07.input-output-fio\u002F5.fio53-j",{"title":4250,"path":5041,"stem":5042,"children":5043},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Finput-validation-and-data-sanitization-ids","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F08.input-validation-and-data-sanitization-ids\u002F1.index",[5044,5045,5049,5053,5057,5061,5065,5069],{"title":4250,"path":5041,"stem":5042},{"title":5046,"path":5047,"stem":5048},"IDS50-J. Use conservative file naming conventions","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Finput-validation-and-data-sanitization-ids\u002Fids50-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F08.input-validation-and-data-sanitization-ids\u002F2.ids50-j",{"title":5050,"path":5051,"stem":5052},"IDS51-J. Properly encode or escape output","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Finput-validation-and-data-sanitization-ids\u002Fids51-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F08.input-validation-and-data-sanitization-ids\u002F3.ids51-j",{"title":5054,"path":5055,"stem":5056},"IDS52-J. Prevent code injection","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Finput-validation-and-data-sanitization-ids\u002Fids52-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F08.input-validation-and-data-sanitization-ids\u002F4.ids52-j",{"title":5058,"path":5059,"stem":5060},"IDS53-J. Prevent XPath Injection","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Finput-validation-and-data-sanitization-ids\u002Fids53-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F08.input-validation-and-data-sanitization-ids\u002F5.ids53-j",{"title":5062,"path":5063,"stem":5064},"IDS54-J. Prevent LDAP injection","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Finput-validation-and-data-sanitization-ids\u002Fids54-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F08.input-validation-and-data-sanitization-ids\u002F6.ids54-j",{"title":5066,"path":5067,"stem":5068},"IDS55-J. Understand how escape characters are interpreted when strings are loaded","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Finput-validation-and-data-sanitization-ids\u002Fids55-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F08.input-validation-and-data-sanitization-ids\u002F7.ids55-j",{"title":5070,"path":5071,"stem":5072},"IDS56-J. Prevent arbitrary file upload","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Finput-validation-and-data-sanitization-ids\u002Fids56-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F08.input-validation-and-data-sanitization-ids\u002F8.ids56-j",{"title":4384,"path":5074,"stem":5075,"children":5076},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmethods-met","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F09.methods-met\u002F1.index",[5077,5078,5082,5086,5090,5094,5098,5102],{"title":4384,"path":5074,"stem":5075},{"title":5079,"path":5080,"stem":5081},"MET50-J. Avoid ambiguous or confusing uses of overloading","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmethods-met\u002Fmet50-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F09.methods-met\u002F2.met50-j",{"title":5083,"path":5084,"stem":5085},"MET51-J. Do not use overloaded methods to differentiate between runtime types","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmethods-met\u002Fmet51-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F09.methods-met\u002F3.met51-j",{"title":5087,"path":5088,"stem":5089},"MET52-J. Do not use the clone() method to copy untrusted method parameters","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmethods-met\u002Fmet52-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F09.methods-met\u002F4.met52-j",{"title":5091,"path":5092,"stem":5093},"MET53-J. Ensure that the clone() method calls super.clone()","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmethods-met\u002Fmet53-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F09.methods-met\u002F5.met53-j",{"title":5095,"path":5096,"stem":5097},"MET54-J. Always provide feedback about the resulting value of a method","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmethods-met\u002Fmet54-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F09.methods-met\u002F6.met54-j",{"title":5099,"path":5100,"stem":5101},"MET55-J. Return an empty array or collection instead of a null value for methods that return an array or collection","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmethods-met\u002Fmet55-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F09.methods-met\u002F7.met55-j",{"title":5103,"path":5104,"stem":5105},"MET56-J. Do not use Object.equals() to compare cryptographic keys","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmethods-met\u002Fmet56-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F09.methods-met\u002F8.met56-j",{"title":4446,"path":5107,"stem":5108,"children":5109},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmiscellaneous-msc","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F10.miscellaneous-msc\u002F01.index",[5110,5111,5115,5119,5123,5127,5131,5135,5139,5143,5147,5151,5155,5159,5163],{"title":4446,"path":5107,"stem":5108},{"title":5112,"path":5113,"stem":5114},"MSC50-J. Minimize the scope of the @SuppressWarnings annotation","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc50-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F10.miscellaneous-msc\u002F02.msc50-j",{"title":5116,"path":5117,"stem":5118},"MSC51-J. Do not place a semicolon immediately following an if, for, or while condition","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc51-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F10.miscellaneous-msc\u002F03.msc51-j",{"title":5120,"path":5121,"stem":5122},"MSC52-J. Finish every set of statements associated with a case label with a break statement","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc52-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F10.miscellaneous-msc\u002F04.msc52-j",{"title":5124,"path":5125,"stem":5126},"MSC53-J. Carefully design interfaces before releasing them","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc53-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F10.miscellaneous-msc\u002F05.msc53-j",{"title":5128,"path":5129,"stem":5130},"MSC54-J. Avoid inadvertent wrapping of loop counters","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc54-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F10.miscellaneous-msc\u002F06.msc54-j",{"title":5132,"path":5133,"stem":5134},"MSC55-J. Use comments consistently and in a readable fashion","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc55-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F10.miscellaneous-msc\u002F07.msc55-j",{"title":5136,"path":5137,"stem":5138},"MSC56-J. Detect and remove superfluous code and values","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc56-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F10.miscellaneous-msc\u002F08.msc56-j",{"title":5140,"path":5141,"stem":5142},"MSC57-J. Strive for logical completeness","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc57-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F10.miscellaneous-msc\u002F09.msc57-j",{"title":5144,"path":5145,"stem":5146},"MSC58-J. Prefer using iterators over enumerations","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc58-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F10.miscellaneous-msc\u002F10.msc58-j",{"title":5148,"path":5149,"stem":5150},"MSC59-J. Limit the lifetime of sensitive data","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc59-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F10.miscellaneous-msc\u002F11.msc59-j",{"title":5152,"path":5153,"stem":5154},"MSC60-J. Do not use assertions to verify the absence of runtime errors","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc60-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F10.miscellaneous-msc\u002F12.msc60-j",{"title":5156,"path":5157,"stem":5158},"MSC61-J. Do not use insecure or weak cryptographic algorithms","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc61-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F10.miscellaneous-msc\u002F13.msc61-j",{"title":5160,"path":5161,"stem":5162},"MSC62-J. Store passwords using a hash function","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc62-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F10.miscellaneous-msc\u002F14.msc62-j",{"title":5164,"path":5165,"stem":5166},"MSC63-J. Ensure that SecureRandom is properly seeded","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fmiscellaneous-msc\u002Fmsc63-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F10.miscellaneous-msc\u002F15.msc63-j",{"title":4500,"path":5168,"stem":5169,"children":5170},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fnumeric-types-and-operations-num","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F11.numeric-types-and-operations-num\u002F1.index",[5171,5172,5176,5180,5184,5188],{"title":4500,"path":5168,"stem":5169},{"title":5173,"path":5174,"stem":5175},"NUM50-J. Convert integers to floating point for floating-point operations","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fnumeric-types-and-operations-num\u002Fnum50-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F11.numeric-types-and-operations-num\u002F2.num50-j",{"title":5177,"path":5178,"stem":5179},"NUM51-J. Do not assume that the remainder operator always returns a nonnegative result for integral operands","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fnumeric-types-and-operations-num\u002Fnum51-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F11.numeric-types-and-operations-num\u002F3.num51-j",{"title":5181,"path":5182,"stem":5183},"NUM52-J. Be aware of numeric promotion behavior","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fnumeric-types-and-operations-num\u002Fnum52-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F11.numeric-types-and-operations-num\u002F4.num52-j",{"title":5185,"path":5186,"stem":5187},"NUM53-J. Use the strictfp modifier for floating-point calculation consistency across platforms","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fnumeric-types-and-operations-num\u002Fnum53-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F11.numeric-types-and-operations-num\u002F5.num53-j",{"title":5189,"path":5190,"stem":5191},"NUM54-J. Do not use denormalized numbers","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fnumeric-types-and-operations-num\u002Fnum54-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F11.numeric-types-and-operations-num\u002F6.num54-j",{"title":4558,"path":5193,"stem":5194,"children":5195},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fobject-orientation-obj","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F12.object-orientation-obj\u002F01.index",[5196,5197,5201,5205,5209,5213,5217,5221,5225,5229],{"title":4558,"path":5193,"stem":5194},{"title":5198,"path":5199,"stem":5200},"OBJ50-J. Never confuse the immutability of a reference with that of the referenced object","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fobject-orientation-obj\u002Fobj50-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F12.object-orientation-obj\u002F02.obj50-j",{"title":5202,"path":5203,"stem":5204},"OBJ51-J. Minimize the accessibility of classes and their members","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fobject-orientation-obj\u002Fobj51-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F12.object-orientation-obj\u002F03.obj51-j",{"title":5206,"path":5207,"stem":5208},"OBJ52-J. Write garbage-collection-friendly code","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fobject-orientation-obj\u002Fobj52-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F12.object-orientation-obj\u002F04.obj52-j",{"title":5210,"path":5211,"stem":5212},"OBJ53-J. Do not use direct buffers for short-lived, infrequently used objects","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fobject-orientation-obj\u002Fobj53-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F12.object-orientation-obj\u002F05.obj53-j",{"title":5214,"path":5215,"stem":5216},"OBJ54-J. Do not attempt to help the garbage collector by setting local reference variables to null","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fobject-orientation-obj\u002Fobj54-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F12.object-orientation-obj\u002F06.obj54-j",{"title":5218,"path":5219,"stem":5220},"OBJ55-J. Remove short-lived objects from long-lived container objects","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fobject-orientation-obj\u002Fobj55-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F12.object-orientation-obj\u002F07.obj55-j",{"title":5222,"path":5223,"stem":5224},"OBJ56-J. Provide sensitive mutable classes with unmodifiable wrappers","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fobject-orientation-obj\u002Fobj56-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F12.object-orientation-obj\u002F08.obj56-j",{"title":5226,"path":5227,"stem":5228},"OBJ57-J. Do not rely on methods that can be overridden by untrusted code","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fobject-orientation-obj\u002Fobj57-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F12.object-orientation-obj\u002F09.obj57-j",{"title":5230,"path":5231,"stem":5232},"OBJ58-J. Limit the extensibility of classes and methods with invariants","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fobject-orientation-obj\u002Fobj58-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F12.object-orientation-obj\u002F10.obj58-j",{"title":4620,"path":5234,"stem":5235,"children":5236},"\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fplatform-security-sec","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F13.platform-security-sec\u002F01.index",[5237,5238,5242,5246,5250,5254,5258,5262,5266,5270],{"title":4620,"path":5234,"stem":5235},{"title":5239,"path":5240,"stem":5241},"SEC50-J. Avoid granting excess privileges","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fplatform-security-sec\u002Fsec50-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F13.platform-security-sec\u002F02.sec50-j",{"title":5243,"path":5244,"stem":5245},"SEC51-J. Minimize privileged code","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fplatform-security-sec\u002Fsec51-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F13.platform-security-sec\u002F03.sec51-j",{"title":5247,"path":5248,"stem":5249},"SEC52-J. Do not expose methods that use reduced-security checks to untrusted code","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fplatform-security-sec\u002Fsec52-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F13.platform-security-sec\u002F04.sec52-j",{"title":5251,"path":5252,"stem":5253},"SEC53-J. Define custom security permissions for fine-grained security","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fplatform-security-sec\u002Fsec53-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F13.platform-security-sec\u002F05.sec53-j",{"title":5255,"path":5256,"stem":5257},"SEC54-J. Create a secure sandbox using a security manager","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fplatform-security-sec\u002Fsec54-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F13.platform-security-sec\u002F06.sec54-j",{"title":5259,"path":5260,"stem":5261},"SEC55-J. Ensure that security-sensitive methods are called with validated arguments","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fplatform-security-sec\u002Fsec55-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F13.platform-security-sec\u002F07.sec55-j",{"title":5263,"path":5264,"stem":5265},"SEC56-J. Do not serialize direct handles to system resources","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fplatform-security-sec\u002Fsec56-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F13.platform-security-sec\u002F08.sec56-j",{"title":5267,"path":5268,"stem":5269},"SEC57-J. Do not let untrusted code misuse privileges of callback methods","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fplatform-security-sec\u002Fsec57-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F13.platform-security-sec\u002F09.sec57-j",{"title":5271,"path":5272,"stem":5273},"SEC58-J. Deserialization methods should not perform potentially dangerous operations","\u002Fsei-cert-oracle-coding-standard-for-java\u002Frecommendations\u002Fplatform-security-sec\u002Fsec58-j","6.sei-cert-oracle-coding-standard-for-java\u002F4.recommendations\u002F13.platform-security-sec\u002F10.sec58-j",{"title":5275,"path":5276,"stem":5277,"children":5278},"Back Matter","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F1.index",[5279,5280,5284,5285,5286,5287,5413,5439],{"title":5275,"path":5276,"stem":5277},{"title":5281,"path":5282,"stem":5283},"Rec. AA. References","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frec-aa-references","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F2.rec-aa-references",{"title":3883,"path":3884,"stem":3885},{"title":30,"path":3877,"stem":3879},{"title":3887,"path":3888,"stem":3889},{"title":5288,"path":5289,"stem":5290,"children":5291},"Rule or Rec. CC. Analyzers","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F01.index",[5292,5293,5297,5301,5305,5309,5313,5317,5321,5325,5329,5333,5337,5341,5345,5349,5353,5357,5361,5365,5369,5373,5377,5381,5385,5389,5393,5397,5401,5405,5409],{"title":5288,"path":5289,"stem":5290},{"title":5294,"path":5295,"stem":5296},"CodeSonar","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Fcodesonar","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F02.codesonar",{"title":5298,"path":5299,"stem":5300},"CodeSonar_V","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Fcodesonar_v","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F03.codesonar_v",{"title":5302,"path":5303,"stem":5304},"Coverity","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Fcoverity","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F04.coverity",{"title":5306,"path":5307,"stem":5308},"Coverity_V","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Fcoverity_v","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F05.coverity_v",{"title":5310,"path":5311,"stem":5312},"Eclipse","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Feclipse","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F06.eclipse",{"title":5314,"path":5315,"stem":5316},"Eclipse_V","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Feclipse_v","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F07.eclipse_v",{"title":5318,"path":5319,"stem":5320},"Error Prone","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Ferror-prone","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F08.error-prone",{"title":5322,"path":5323,"stem":5324},"Error Prone_V","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Ferror-prone_v","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F09.error-prone_v",{"title":5326,"path":5327,"stem":5328},"Findbugs","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Ffindbugs","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F10.findbugs",{"title":5330,"path":5331,"stem":5332},"Findbugs_V","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Ffindbugs_v","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F11.findbugs_v",{"title":5334,"path":5335,"stem":5336},"Fortify","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Ffortify","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F12.fortify",{"title":5338,"path":5339,"stem":5340},"Fortify_V","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Ffortify_v","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F13.fortify_v",{"title":5342,"path":5343,"stem":5344},"Klocwork","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Fklocwork","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F14.klocwork",{"title":5346,"path":5347,"stem":5348},"Klocwork_V","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Fklocwork_v","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F15.klocwork_v",{"title":5350,"path":5351,"stem":5352},"Parasoft","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Fparasoft","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F16.parasoft",{"title":5354,"path":5355,"stem":5356},"Parasoft_V","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Fparasoft_v","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F17.parasoft_v",{"title":5358,"path":5359,"stem":5360},"Pmd","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Fpmd","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F18.pmd",{"title":5362,"path":5363,"stem":5364},"Pmd_V","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Fpmd_v","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F19.pmd_v",{"title":5366,"path":5367,"stem":5368},"PVS-Studio","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Fpvs-studio","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F20.pvs-studio",{"title":5370,"path":5371,"stem":5372},"PVS-Studio_V","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Fpvs-studio_v","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F21.pvs-studio_v",{"title":5374,"path":5375,"stem":5376},"Security Reviewer - Static Reviewer","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Fsecurity-reviewer-static-reviewer","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F22.security-reviewer-static-reviewer",{"title":5378,"path":5379,"stem":5380},"Security Reviewer - Static Reviewer_V","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Fsecurity-reviewer-static-reviewer_v","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F23.security-reviewer-static-reviewer_v",{"title":5382,"path":5383,"stem":5384},"SonarQube","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Fsonarqube","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F24.sonarqube",{"title":5386,"path":5387,"stem":5388},"SonarQube_V","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Fsonarqube_v","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F25.sonarqube_v",{"title":5390,"path":5391,"stem":5392},"SpotBugs","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Fspotbugs","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F26.spotbugs",{"title":5394,"path":5395,"stem":5396},"SpotBugs_V","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Fspotbugs_v","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F27.spotbugs_v",{"title":5398,"path":5399,"stem":5400},"The Checker Framework","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Fthe-checker-framework","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F28.the-checker-framework",{"title":5402,"path":5403,"stem":5404},"The Checker Framework_V","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Fthe-checker-framework_v","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F29.the-checker-framework_v",{"title":5406,"path":5407,"stem":5408},"ThreadSafe","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Fthreadsafe","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F30.threadsafe",{"title":5410,"path":5411,"stem":5412},"ThreadSafe_V","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-cc-analyzers\u002Fthreadsafe_v","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F6.rule-or-rec-cc-analyzers\u002F31.threadsafe_v",{"title":5414,"path":5415,"stem":5416,"children":5417},"Rule or Rec. DD. Related Guidelines","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-dd-related-guidelines","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F7.rule-or-rec-dd-related-guidelines\u002F1.index",[5418,5419,5423,5427,5431,5435],{"title":5414,"path":5415,"stem":5416},{"title":5420,"path":5421,"stem":5422},"2010","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-dd-related-guidelines\u002F2.2010","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F7.rule-or-rec-dd-related-guidelines\u002F2.2010",{"title":5424,"path":5425,"stem":5426},"2013","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-dd-related-guidelines\u002F3.2013","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F7.rule-or-rec-dd-related-guidelines\u002F3.2013",{"title":5428,"path":5429,"stem":5430},"MITRE CAPEC","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-dd-related-guidelines\u002Fmitre-capec","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F7.rule-or-rec-dd-related-guidelines\u002F4.mitre-capec",{"title":5432,"path":5433,"stem":5434},"MITRE CWE","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-dd-related-guidelines\u002Fmitre-cwe","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F7.rule-or-rec-dd-related-guidelines\u002F5.mitre-cwe",{"title":5436,"path":5437,"stem":5438},"SECURE CODING GUIDELINES FOR JAVA SE, VERSION 5.0","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-dd-related-guidelines\u002Fsecure-coding-guidelines-for-java-se-version-50","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F7.rule-or-rec-dd-related-guidelines\u002F6.secure-coding-guidelines-for-java-se-version-50",{"title":5440,"path":5441,"stem":5442},"Rule or Rec. EE. Risk Assessments","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fback-matter\u002Frule-or-rec-ee-risk-assessments","6.sei-cert-oracle-coding-standard-for-java\u002F5.back-matter\u002F8.rule-or-rec-ee-risk-assessments",{"title":5444,"path":5445,"stem":5446,"children":5447},"Admin","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fadmin","6.sei-cert-oracle-coding-standard-for-java\u002F6.admin\u002F1.index",[5448,5449,5453,5457,5461,5465],{"title":5444,"path":5445,"stem":5446},{"title":5450,"path":5451,"stem":5452},"All Guidelines with Classification","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fadmin\u002Fall-guidelines-with-classification","6.sei-cert-oracle-coding-standard-for-java\u002F6.admin\u002F2.all-guidelines-with-classification",{"title":5454,"path":5455,"stem":5456},"Normative Guidelines","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fadmin\u002Fnormative-guidelines","6.sei-cert-oracle-coding-standard-for-java\u002F6.admin\u002F3.normative-guidelines",{"title":5458,"path":5459,"stem":5460},"Tech-edit","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fadmin\u002Ftech-edit","6.sei-cert-oracle-coding-standard-for-java\u002F6.admin\u002F4.tech-edit",{"title":5462,"path":5463,"stem":5464},"TODO List","\u002Fsei-cert-oracle-coding-standard-for-java\u002Fadmin\u002Ftodo-list","6.sei-cert-oracle-coding-standard-for-java\u002F6.admin\u002F5.todo-list",{"title":5462,"path":5463,"stem":5466},"6.sei-cert-oracle-coding-standard-for-java\u002F6.admin\u002F6.todo-list",1775657791151]