 
| Ch. | Who | Dave | Dean | Dhruv | RCS | Fred |
|---|---|---|---|---|---|---|
| 7 | free | x | x | x | x | |
| 8 | free | x | x | x | x | |
| 9 | RCS | x | x | x | x | |
| 10 | free | x | x | x | x | |
| 11 | free | x | x | x | x | |
| 12 | Dhruv | | | | x | |
| 13 | free | | x | | x | |

This page contains ad hoc TODO ideas or topics currently being investigated. Please feel free to comment on these or suggest new ones.
Possible Changes to Current Guidelines
- All classes and methods will need to include the final keyword. Although this works against extensibility, it is critical from a security point of view.
- All file separators must be replaced by the platform-independent File.separator
- {{long}} to store {{int}} vals and then updates the state of the actual outer class and so on..., Item 50 [Daconta 03]
- readResolve() for deserialization (singletons). Do not serialize sensitive external mutable variables (best to declare them transient)
- Calling super.clone() is necessary.
...
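
The readResolve() and transient item above, as an added example (not code from this page or from the guidelines it tracks). The class KeyStoreHandle and its passphrase field are hypothetical, and the passphrase value is constructed sample data.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;

public final class SerialSingletonDemo {

    // Hypothetical singleton, used only for this illustration.
    static final class KeyStoreHandle implements Serializable {
        private static final long serialVersionUID = 1L;
        static final KeyStoreHandle INSTANCE = new KeyStoreHandle();

        // Sensitive mutable state: transient keeps the field out of the stream.
        private transient char[] passphrase = "constructed-sample".toCharArray();

        private KeyStoreHandle() { }

        boolean hasPassphrase() { return passphrase != null; }

        // Without this, each deserialization would yield a second "singleton"
        // whose transient field is null (no constructor runs on that path).
        private Object readResolve() throws ObjectStreamException {
            return INSTANCE;
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(o);
        }
        return buf.toByteArray();
    }

    static Object deserialize(byte[] b) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(b))) {
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] stream = serialize(KeyStoreHandle.INSTANCE);
        // Non-transient field names are written into the class descriptor;
        // a transient field leaves no trace of its name or value.
        String raw = new String(stream, StandardCharsets.ISO_8859_1);
        System.out.println("field in stream: " + raw.contains("passphrase"));

        Object copy = deserialize(stream);
        System.out.println("same instance:   " + (copy == KeyStoreHandle.INSTANCE));
        System.out.println("state intact:    " + ((KeyStoreHandle) copy).hasPassphrase());
    }
}
```

Removing the transient modifier or the readResolve() method and re-running shows the effect of each on the output.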
Possible Recommendations
- Be careful when using environment variables - investigate usual conditions (done)
- Use HttpSession carefully, Item 25 [Daconta 03]
- Thread.interrupted issues
...
- Issues with ProtectionDomains (if any)
...
Possible Rules
- Poor performance and DoS due to regex (fixed in JDK 1.6)
...
- Avoid using Reflection to instantiate inner classes
- Some of the anti-patterns described in ERR00-J. Do not suppress or ignore checked exceptions (done)
...
- Don't catch Throwable without checking for ThreadDeath. (will not do)
- Usage of {{GetResource}} may be unsafe if class is extended [Findbugs]
- Do not serialize/deserialize resource handles (done)
...