Guidelines
MSC00-J. Do not mix generic with non-generic raw types in new code
MSC01-J. Do not use insecure or weak cryptographic algorithms
MSC02-J. Generate strong random numbers
MSC03-J. Never hardcode sensitive information
MSC04-J. Do not use Object.equals() to compare cryptographic keys
MSC05-J. Make sensitive classes noncloneable
MSC07-J. Eliminate class initialization cycles
MSC08-J. Avoid cyclic dependencies between packages
MSC09-J. Carefully design interfaces before releasing them
MSC10-J. Limit the lifetime of sensitive data
MSC11-J. Do not assume infinite heap space
MSC12-J. Prefer using Iterators over Enumerations
MSC13-J. Do not modify the underlying collection when an iteration is in progress
MSC14-J. Finish every set of statements associated with a case label with a break statement
MSC16-J. Address the shortcomings of the Singleton design pattern
MSC17-J. Detect and remove dead code
Risk Assessment Summary
Guideline | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
MSC00- J | low | probable | medium | P4 | L3 |
MSC01- J | medium | probable | medium | P8 | L2 |
MSC02- J | high | probable | medium | P12 | L1 |
MSC03- J | high | probable | medium | P12 | L1 |
MSC04- J | high | unlikely | low | P9 | L2 |
MSC05- J | medium | probable | medium | P8 | L2 |
MSC06- J | low | unlikely | high | P1 | L3 |
MSC07- J | low | unlikely | medium | P2 | L3 |
MSC08- J | low | probable | medium | P4 | L3 |
MSC09- J | low | probable | high | P2 | L3 |
MSC10- J | medium | likely | medium | P12 | L1 |
MSC11- J | low | probable | medium | P4 | L3 |
MSC12- J | low | unlikely | medium | P2 | L3 |
MSC13- J | low | probable | medium | P4 | L3 |
MSC14- J | medium | unlikely | low | P6 | L2 |
MSC15- J | low | unlikely | low | P3 | L3 |
SER13-J. Prevent overwriting of Externalizable Objects The CERT Oracle Secure Coding Standard for Java MSC00-J. Do not mix generic with non-generic raw types in new code