Path: csiph.com!x330-a1.tempe.blueboxinc.net!usenet.pasdenom.info!aioe.org!eternal-september.org!feeder.eternal-september.org!.POSTED!not-for-mail From: Daniele Futtorovic Newsgroups: comp.lang.java.programmer Subject: Re: The CERT Oracle Secure Coding Standard for Java Date: Sat, 28 May 2011 15:10:48 +0200 Organization: A noiseless patient Spider Lines: 15 Message-ID: References: <899ac5cb-b1e4-44b1-8e27-e6385b4fdcdb@24g2000yqk.googlegroups.com> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Injection-Date: Sat, 28 May 2011 13:10:49 +0000 (UTC) Injection-Info: mx04.eternal-september.org; posting-host="NxuPZi/lueQlyMjycho+IA"; logging-data="31153"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX18gaNvaJU/ip8CgxBSS56Vf" User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.9.2.17) Gecko/20110414 Thunderbird/3.1.10 In-Reply-To: Cancel-Lock: sha1:+ZzWbBtShUDCMujIwgYRGK2x/KM= Xref: x330-a1.tempe.blueboxinc.net comp.lang.java.programmer:4684 On 28/05/2011 09:42, Nasser M. Abbasi allegedly wrote: > On 5/27/2011 10:44 AM, rCs wrote: >> The CERT Oracle Secure Coding Standard for Java has been completed and >> is now ready for >> https://www.securecoding.cert.org/confluence/display/java/The+CERT+Oracle+Secure+Coding+Standard+for+Java. > > I thought Java was already secured? i.e. no buffer overflow > problems like with C, and the sandbox thing for applets and > all of that. I did not know that Java can be not secured before. As the tools become more sophisticated, the standards do, too. -- DF. Determinism trumps correctness.