Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.java.programmer > #4680

Re: The CERT Oracle Secure Coding Standard for Java

From "Nasser M. Abbasi" <nma@12000.org>
Newsgroups comp.lang.java.programmer
Subject Re: The CERT Oracle Secure Coding Standard for Java
Date 2011-05-28 00:42 -0700
Organization Aioe.org NNTP Server
Message-ID <irq910$vd8$1@speranza.aioe.org> (permalink)
References <899ac5cb-b1e4-44b1-8e27-e6385b4fdcdb@24g2000yqk.googlegroups.com>

Show all headers | View raw

On 5/27/2011 10:44 AM, rCs wrote:
> The CERT Oracle Secure Coding Standard for Java has been completed and
> is now ready for https://www.securecoding.cert.org/confluence/display/java/The+CERT+Oracle+Secure+Coding+Standard+for+Java.
>
> The CERT Oracle Secure Coding Standard for Java provides rules for
> secure coding in the Java programming language. The goal of these
> rules is to eliminate insecure coding practices that can lead to
> exploitable vulnerabilities.
>
> To review, you can create an account on the wiki and then post
> comments to any of the pages, or respond directly to me.
>
> Thanks,
> rCs

I thought Java was already secured? i.e. no buffer overflow
problems like with C, and the sandbox thing for applets and
all of that. I did not know that Java can be not secured before.

But, would it be not better, if the language can be defined
so that these remaining security holes that can make it not
secure be closed at the language definition level, instead of
having set of rules, that one need to print out and hang on
the wall to look at while coding?  This way the compiler  job
to spot them, not the programmer. Much better.

Just asking, that is all.

--Nasser

Back to comp.lang.java.programmer | Previous | NextPrevious in thread | Next in thread | Find similar

Thread

The CERT Oracle Secure Coding Standard for Java rCs <rcs@sei.cmu.edu> - 2011-05-27 10:44 -0700
  Re: The CERT Oracle Secure Coding Standard for Java Jeff Higgins <jeff@invalid.invalid> - 2011-05-27 18:43 -0400
    Re: The CERT Oracle Secure Coding Standard for Java Arved Sandstrom <asandstrom3minus1@eastlink.ca> - 2011-05-27 19:49 -0300
      Re: The CERT Oracle Secure Coding Standard for Java Lawrence D'Oliveiro <ldo@geek-central.gen.new_zealand> - 2011-05-28 16:31 +1200
        Re: The CERT Oracle Secure Coding Standard for Java Lew <noone@lewscanon.com> - 2011-05-28 00:45 -0400
    Re: The CERT Oracle Secure Coding Standard for Java rCs <rcs@sei.cmu.edu> - 2011-06-02 06:14 -0700
  Re: The CERT Oracle Secure Coding Standard for Java "Nasser M. Abbasi" <nma@12000.org> - 2011-05-28 00:42 -0700
    Re: The CERT Oracle Secure Coding Standard for Java Eric Sosman <esosman@ieee-dot-org.invalid> - 2011-05-28 09:07 -0400
    Re: The CERT Oracle Secure Coding Standard for Java Daniele Futtorovic <da.futt.news@laposte-dot-net.invalid> - 2011-05-28 15:10 +0200
    Re: The CERT Oracle Secure Coding Standard for Java Arved Sandstrom <asandstrom3minus1@eastlink.ca> - 2011-05-28 10:35 -0300
    Re: The CERT Oracle Secure Coding Standard for Java "John B. Matthews" <nospam@nospam.invalid> - 2011-05-29 16:17 -0400
  Re: The CERT Oracle Secure Coding Standard for Java Abu Yahya <abu_yahya@invalid.com> - 2011-06-08 20:52 +0530
    Re: The CERT Oracle Secure Coding Standard for Java Abu Yahya <abu_yahya@invalid.com> - 2011-06-08 20:55 +0530

csiph-web