Versions Compared

Comment: updated risk assessment

...

SEC04-J. Beware of standard APIs that perform access checks against the immediate caller

SEC05-J. Reserved

SEC06-J. Assume that all Java clients can be reverse engineered, monitored, and modified

...

| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| SEC01-J | medium | probable | high | P4 | L3 |
| SEC02-J | medium | probable | high medium | P4 P8 | L3 L2 |
| SEC03-J | medium | probable | high medium | P4 P8 | L3 L2 |
| SEC04-J | medium | probable | high medium | P4 P8 | L3 L2 |
| SEC05-J | TODO | TODO | TODO | TODO | TODO |
| SEC06-J | medium | probable likely | high medium | P4 P12 | L3 L1 |
| SEC07-J | medium | probable likely | high medium | P4 P12 | L3 L1 |
| SEC08-J | TODO | TODO | TODO | TODO | TODO |
| SEC09-J | medium | unlikely | low | P6 | L2 |

Rules

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| SEC30-J | high | probable | low | P18 | L1 |
| SEC31-J | high | probable | low | P18 | L1 |
| SEC32-J | high | probable | low | P18 | L1 |
| SEC33-J | medium | probable | high | P4 | L3 |
| SEC34-J | high | probable | high | P6 | L2 |
| SEC35-J | low high | unlikely | medium | P2 | L3 |
| SEC36-J | medium | probable | high | P4 | L3 |
| SEC37-J | medium | likely | low | P18 P9 | L1 L2 |

...

The CERT Sun Microsystems Secure Coding Standard for Java      SEC01-J. Be careful using doPrivileged