 
| Ch. | Who | Dave | Dean | Dhruv | rCs | Fred |
|---|---|---|---|---|---|---|
| 14 | Dave | x | x | x | x | x |
| 15 | rCs | x | x | x | x | x |
| 16 | free | x | x | x | x | x |
| 17 | Fred | x | x | x | x |  |
| 18 | Dhruv | x | x |  | x |  |
| FW - Gos | free | x |  |  | x |  |
| FW - CERT | free |  | x |  | x | x |
| Bib | free |  | x |  | x |  |
| Def | free |  | x |  | x | x |
This page contains ad hoc TODO ideas and topics currently under investigation. Please feel free to comment on these or suggest new ones.
Possible Changes to Current Guidelines
- All classes and methods will need to include the final keyword. Although this works against extensibility, it is critical from the security point of view.
- All hard-coded file separators must be replaced by the platform-independent File.separator
- Possibly use the memento design pattern with deserialization: an inner class performs input validation using 'safe' objects (for example, {{long}} to store {{int}} values) and only then updates the state of the actual outer class, and so on..., Item 50 [Daconta 03]
- readResolve() for deserialization (singletons). Do not serialize sensitive external mutable variables (best to declare them transient)
- Calling super.clone() is necessary.
...
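The three deserialization notes above (validating through a memento-style inner class, readResolve() for singletons, and keeping sensitive mutable state transient) fit together in one class. The following is an added example written for this page, not code from the guidelines themselves; the class names Account, Proxy and Registry and the balance invariant are assumptions made for illustration. Deserialization is routed through a private serialization proxy that validates the incoming state with a wider type before the checking constructor rebuilds the real object, the session token is transient so it never reaches the stream, and the singleton returns its canonical instance from readResolve().

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.InvalidObjectException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamException;
import java.io.Serializable;

// Added example (not from the wiki): a final serializable class whose
// deserialization goes through a private validating proxy (the memento),
// a transient field for the sensitive token, and a serializable singleton
// that keeps its identity through readResolve().
public final class Account implements Serializable {
    private static final long serialVersionUID = 1L;
    private static final int MAX_BALANCE = 1_000_000;   // assumed invariant for the demo

    private final int balance;              // invariant: 0 <= balance <= MAX_BALANCE
    private transient String sessionToken;  // sensitive and mutable: never written to the stream

    public Account(int balance, String sessionToken) {
        if (balance < 0 || balance > MAX_BALANCE) {
            throw new IllegalArgumentException("balance out of range: " + balance);
        }
        this.balance = balance;
        this.sessionToken = sessionToken;
    }

    public int balance() { return balance; }
    public String sessionToken() { return sessionToken; }

    // The stream carries the proxy, never the Account itself.
    private Object writeReplace() { return new Proxy(this); }

    // Reject any hand-built stream that tries to bypass the proxy.
    private void readObject(ObjectInputStream in) throws InvalidObjectException {
        throw new InvalidObjectException("Proxy required");
    }

    // Inner memento: holds the raw state and validates it before the outer
    // class is ever constructed from it.
    private static final class Proxy implements Serializable {
        private static final long serialVersionUID = 1L;
        private final int balance;

        Proxy(Account a) { this.balance = a.balance; }

        private Object readResolve() throws ObjectStreamException {
            long safe = balance;   // wider 'safe' type: any arithmetic in the check cannot wrap
            if (safe < 0 || safe > MAX_BALANCE) {
                throw new InvalidObjectException("balance out of range: " + balance);
            }
            return new Account(balance, null);   // rebuilt through the checking constructor
        }
    }

    // Round trip: the token does not survive serialization, the singleton does.
    public static void main(String[] args) throws Exception {
        Account a = new Account(500, "secret-token");
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bytes)) {
            out.writeObject(a);
            out.writeObject(Registry.INSTANCE);
        }
        try (ObjectInputStream in =
                 new ObjectInputStream(new ByteArrayInputStream(bytes.toByteArray()))) {
            Account copy = (Account) in.readObject();
            Registry reg = (Registry) in.readObject();
            System.out.println("balance=" + copy.balance() + " token=" + copy.sessionToken());
            System.out.println("singleton preserved: " + (reg == Registry.INSTANCE));
        }
    }
}

// Singleton whose identity survives deserialization via readResolve().
final class Registry implements Serializable {
    private static final long serialVersionUID = 1L;
    static final Registry INSTANCE = new Registry();
    private Registry() {}
    private Object readResolve() throws ObjectStreamException { return INSTANCE; }
}
```

Because Account's own readObject() unconditionally throws, a stream that carries a serialized Account rather than a Proxy is rejected outright; every path that produces an Account from a stream ends in the constructor that enforces the invariant. Both classes are final, in line with the first item in this list.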
Possible Recommendations
- Be careful when using environment variables - investigate the usual conditions (done)
- Use HttpSession carefully, Item 25 [Daconta 03]
- For good portability, do not assume that all DBMSs can tolerate several open ResultSet objects at a time, Item 41 [Daconta 03]
- Thread.interrupted issues
...
- Issues with ProtectionDomains (if any)
...
Possible Rules
- Poor performance and DoS due to regex (fixed in jdk 1.6)
...
- Avoid using Reflection to instantiate inner classes
- Use a typesafe enum pattern [Bloch, Item 20] (_enum type_ provided from JDK 1.5 onwards, [Docs|http://java.sun.com/j2se/1.5.0/docs/guide/language/enums.html])
- Some of the anti-patterns described in ERR00-J. Do not suppress or ignore checked exceptions (done)
...
- Don't catch Throwable without checking for ThreadDeath. (will not do)
- Usage of {{GetResource}} may be unsafe if the class is extended [Findbugs]
- Do not serialize/deserialize resource handles (done)
...
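The GetResource item above refers to resource lookups that go through the runtime class of the receiver. The following is an added example written for this page, not code from the guidelines or from FindBugs; the class name ConfigLoader and the resource name config.properties are assumptions. It shows the form that FindBugs flags next to the form that pins the lookup to the declaring class.

```java
import java.io.InputStream;

// Added example (not from the wiki): resource lookup that depends on the
// runtime class versus lookup pinned to the declaring class.
public class ConfigLoader {

    // Unsafe when the class can be extended: getClass() is the runtime class, so a
    // subclass in another package (or loaded by another class loader) resolves the
    // relative name against *its* package and loader, and this method silently reads
    // a different config.properties than its author intended.
    public InputStream openUnsafe() {
        return getClass().getResourceAsStream("config.properties");
    }

    // Safe: the class literal fixes both the package used to resolve the relative name
    // and the class loader that performs the lookup, whatever the receiver's subclass.
    public InputStream openSafe() {
        return ConfigLoader.class.getResourceAsStream("config.properties");
    }

    // Which class each lookup is anchored to, for a given receiver.
    public Class<?> anchorUnsafe() { return getClass(); }
    public Class<?> anchorSafe()   { return ConfigLoader.class; }

    public static void main(String[] args) {
        ConfigLoader sub = new ConfigLoader() { };   // anonymous subclass stands in for an extension
        System.out.println("unsafe lookup anchored to: " + sub.anchorUnsafe().getName());
        System.out.println("safe lookup anchored to:   " + sub.anchorSafe().getName());
    }
}
```

Declaring ConfigLoader final, as the first item under "Possible Changes to Current Guidelines" proposes, removes the problem for the unsafe form as well, since getClass() can then only ever be ConfigLoader.class; the class-literal form is the fix when the class must stay extensible.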