 
...
MSC02-J. Avoid cyclic dependencies between packages
MSC03-J. Prefer using URIs to URLs - Reserved (moved to SDV)
MSC04-J. Prefer using Iterators over Enumerations
...
MSC09-J. Do not assume infinite heap space
MSC10-J. Perform lossless conversion of String to given encoding and back - Reserved (moved to SDV)
MSC11-J. Limit the lifetime of sensitive data
...
MSC31-J. Never hardcode sensitive information
MSC32-J. Prevent OS Command Injection - Reserved (moved to SDV)
MSC33-J. Prevent against SQL Injection
MSC34-J. Prevent XML Injection - Reserved (moved to SDV)
MSC35-J. Prevent XPath Injection - Reserved (moved to SDV)
MSC36-J. Understand how escape characters are interpreted when String literals are compiled - Reserved (moved to SDV)
MSC37-J. Make sensitive classes noncloneable
MSC38-J. Do not modify the underlying collection when an iteration is in progress
MSC39-J. Sanitize before processing or storing user input - Reserved (moved to SDV)
MSC40-J. Account for supplementary and combining characters in globalized code - Reserved (moved to SDV)
MSC41-J. Validate strings after performing normalization - Reserved (moved to SDV)
MSC42-J. Do not delete non-character code points - Reserved (moved to SDV)
MSC43-J. Prevent XML external entity attacks - Reserved (moved to SDV)
MSC44-J. Properly encode or escape output - Reserved (moved to SDV)
MSC45-J. Do not base critical decisions on IP addresses or DNS lookups
MSC46-J. Do not use Object.equals() to compare cryptographic keys
MSC47-J. Do not use locale-dependent methods on locale-insensitive data - Reserved (moved to SDV)
Risk Assessment Summary
Recommendations
...