Skip to main content
assistive.skiplink.to.breadcrumbs
assistive.skiplink.to.header.menu
assistive.skiplink.to.action.menu
assistive.skiplink.to.quick.search

49. Miscellaneous (MSC)

Created by Dhruv Mohindra, last modified by Pennie Walters on Nov 19, 2009

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Guidelines

MSC00-J. Eliminate class initialization cycles

MSC01-J. Avoid memory leaks

MSC02-J. Avoid cyclic dependencies between packages

MSC03-J. Prefer using Iterators over Enumerations

MSC04-J. Carefully design interfaces before releasing them

MSC00-J. Do not mix generic with non-generic raw types in new code

MSC06-J. Finish every set of statements associated with a case label with a break statement

MSC07-J. Do not assume infinite heap space

MSC08-J. Limit the lifetime of sensitive data

MSC01-J. Do not use insecure or weak cryptographic algorithms

MSC10-J. Detect and remove dead code

MSC02-J. Generate truly random numbers

MSC03-J. Never hardcode sensitive information

MSC32-J. Make sensitive classes noncloneable

MSC33-J. Do not modify the underlying collection when an iteration is in progress

MSC34-J. Reserved (sent to the VOID)

MSC04-J. Do not use Object.equals() to compare cryptographic keys

MSC36-J. Use numerical comparison operators to terminate a loop whose counter changes by more than one

Risk Assessment Summary

Recommendations

Recommendation	Severity	Likelihood	Remediation Cost	Priority	Level
MSC00- J	low	unlikely	medium	P2	L3
MSC01- J	low	unlikely	high	P1	L3
MSC02- J	low	probable	medium	P4	L3
MSC03- J	low	unlikely	medium	P2	L3
MSC04- J	low	probable	high	P2	L3
MSC05- J	low	probable	medium	P4	L3
MSC06- J	medium	unlikely	low	P6	L2
MSC07- J	low	probable	medium	P4	L3
MSC08- J	medium	likely	medium	P12	L1
MSC09- J	medium	probable	medium	P8	L2

Rules

Rule	Severity	Likelihood	Remediation Cost	Priority	Level
MSC30- J	high	probable	medium	P12	L1
MSC31- J	high	probable	medium	P12	L1
MSC32- J	medium	probable	medium	P8	L2
MSC33- J	low	probable	medium	P4	L3
MSC35- J	high	unlikely	low	P9	L2
MSC36-J	low	unlikely	low	P1	L3

SER11-J. Do not invoke overridable methods from the readObject method The CERT Sun Microsystems Secure Coding Standard for Java MSC00-J. Eliminate class initialization cycles

No labels