Java Coding Guidelines: Now Available Free Online

October 1, 2014—While conducting the research that produced The CERT Oracle Coding Standard for Java, the Secure Coding Team in the SEI's CERT Division identified best coding practices that, if followed, would eliminate vulnerabilities and other defects in Java programs. Together with collaborators from other organizations, the team in 2013 published Java Coding Guidelines: 75 Recommendations for Reliable and Secure Programs. Now the CERT Division is making the content of the Java Coding Guidelines book available free online.

"We are making the Java coding guidelines available online both to promote more widespread adoption of secure coding standards and as a thank you to the software security and software development communities that have collaborated with us to make secure coding initiatives a success," said Robert Seacord, technical manager of the CERT Secure Coding Initiative and co-author of the Java guidelines.

"Although failing to follow these Java guidelines does not necessarily result in an error," said Seacord, "following these guidelines results in more robust and secure code. Consequently, these guidelines should not be considered less important than the rules in the CERT Oracle Coding Standard for Java."

Intended primarily for software professionals working in Java Standard Edition (SE) 7 Platform environments, this guide is also useful to those working with Java Micro Edition (ME), Java Enterprise Edition (EE), and other contemporary Java-language platforms.

The CERT Secure Coding Team plans to update both The CERT Oracle Secure Coding Standard for Java and the Java Coding Guidelines to Java Standard Edition (SE) 8 and encourages the community to participate in the process by creating an account on the secure coding wiki and leaving comments or by contacting the team at secure-coding@cert.org to become an editor.

For free online access to the content of Java Coding Guidelines, visit https://www.securecoding.cert.org/confluence/display/jg/Java+Coding+Guidelines.