Recommendations
EXC01-J. Do not allow exceptions to transmit sensitive information
SEC01-J. Be careful using doPrivileged
...
SEC04-J. Beware of standard APIs that perform access checks against the immediate callerEXC00-J. Handle exceptions appropriately
SEC06-J. Assume that all Java clients can be reverse engineered, monitored, and modified
...