 
                            
[Abadi 1996] Prudent Engineering Practice for Cryptographic Protocols, by Martin Abadi and Roger Needham, IEEE Transactions on Software Engineering Volume 22, Issue 1, Jan 1996 Page(s):6 - 15. (1996)
[API 2006] Java Platform, Standard Edition 6 API Specification, Sun Microsystems, Inc. (2006)
[Austin 2000] Advanced Programming for the Java 2 Platform, by Calvin Austin and Monica Pawlan, Addison Wesley Longman. (2000)
[Black 2004] Paul E. Black and Paul J. Tanenbaum, "partial order", in Dictionary of Algorithms and Data Structures [online], Paul E. Black, ed., U.S. National Institute of Standards and Technology. 17 December 2004. (accessed TODAY) Available from: http://www.itl.nist.gov/div897/sqg/dads/HTML/partialorder.html
[Black 2006] Paul E. Black and Paul J. Tanenbaum, "total order", in Dictionary of Algorithms and Data Structures [online], Paul E. Black, ed., U.S. National Institute of Standards and Technology. 30 March 2006. (accessed TODAY) Available from: http://www.itl.nist.gov/div897/sqg/dads/HTML/totalorder.html
[Bloch 2001] Effective Java, Programming Language Guide, by Joshua Bloch. Addison Wesley. (2001)
[Bloch 2005] Java™ Puzzlers: Traps, Pitfalls, and Corner Cases, by Joshua Bloch and Neal Gafter. Pearson Education, Inc. (2005)
[Bloch 2005b] Yet More Programming Puzzlers, by Joshua Bloch and Neal Gafter. JavaOne Conference. (2005)
[Bloch 2007] Effective Java™ Reloaded: This Time It's (not) for Real, by Joshua Bloch. JavaOne Conference. (2007)
[Bloch 2008] Effective Java, 2nd edition, by Joshua Bloch, Addison Wesley. (2008)
[Bloch 2009] Return of the Puzzlers: Schlock and Awe, by Joshua Bloch, Google Inc. and Neal Gafter, Microsoft Corporation. JavaOne Conference. (2009)
[Boehm 2005] Finalization, Threads, and the Java™ Technology-Based Memory Model, by Hans-J. Boehm. JavaOne Conference. (2005)
[Campione 1996] The Java Tutorial, by Mary Campione and Kathy Walrath (1996)
[CCITT 1988] CCITT. CCITT Blue Book, Recommendation X.509 and ISO 9594-8: The Directory-Authentication Framework. Geneva. (1988)
[Chan 1999] The Java Class Libraries: Supplement for the Java 2 Platform, v1.2, second edition, Volume 1, by Patrick Chan, Rosanna Lee, Douglas Kramer. Prentice Hall. (1999)
[Chess 2007] Secure Programming with Static Analysis, by Brian Chess and Jacob West. Addison-Wesley Professional. (2007)
[Christudas 2005] Internals of Java Class Loading, ONJava. (2005)
[Conventions 2009] Code Conventions for the Java Programming Language. Sun Microsystems, Inc. (2009)
[CVE 2008] Common Vulnerability Exposure, MITRE Corporation. (2008)
[Coomes 2007] Garbage Collection-Friendly Programming by John Coomes, Peter Kessler, Tony Printezis. Java SE Garbage Collection Group Sun Microsystems, Inc. JavaOne Conference. (2007)
[Core Java 2004] Core Java™ 2 Volume I - Fundamentals, Seventh Edition by Cay S. Horstmann, Gary Cornell. Prentice Hall PTR. (2004)
[Cunningham 1995] "The CHECKS Pattern Language of Information Integrity", Pattern Languages of Program Design, by Ward Cunningham, edited by James O Coplien and Douglas C Schmidt. Addison-Wesley. (1995)
[Daconta 2000] When Runtime.exec() won't, by Michael C. Daconta, JavaWorld.com. (2000)
[Daconta 2003] More Java Pitfalls, by Michael C. Daconta, Kevin T. Smith, Donald Avondolio and W. Clay Richardson. Wiley Publishing Inc. (2003)
[Darwin 2004] Java Cookbook, by Ian F. Darwin (2004)
[Davis 2008] Unicode Standard Annex #15, Unicode Normalization Forms, by Mark Davis and Martin Dürst. (2008)
[Davis 2008b] Unicode Technical Report #36, Unicode Security Considerations, by Mark Davis and Michel Suignard. (2008)
[Dormann 2008] Signed Java Applet Security: Worse than ActiveX?, by Will Dormann. CERT Vulnerability Analysis Blog. (2008)
[Doshi 2003] Best Practices for Exception Handling by Gunjan Doshi. (2003)
[Eclipse 2008] The Eclipse Platform (2008)
[Encodings 2006] Supported Encodings, Sun Microsystems, Inc. (2006)
[Enterprise 2003] Java Enterprise Best Practices, by the O'Reilly Java Authors. O'Reilly. (2003)
[ESA 2005] Java Coding Standards, prepared by: European Space Agency (ESA) Board for Software Standardisation and Control (BSSC). (2005)
[Fairbanks 2007] Design Fragments (2007)
[FindBugs 2008] FindBugs Bug Descriptions (2008)
[Fisher 2003] JDBC API Tutorial and Reference, 3rd edition, by Maydene Fisher, Jon Ellis, and Jonathan Bruce, Prentice Hall, The Java Series. (2003)
[Flanagan 2005] Java in a Nutshell, 5th edition, by David Flanagan, O'Reilly Media, Inc. (2005)
[Fortify 2008] A Taxonomy of Coding Errors that Affect Security Java/JSP, Fortify Software. (2008)
[Fox 2001] When is a Singleton not a Singleton?, by Joshua Fox, Sun Developer Network (SDN) (2001)
[FT 2008] Function Table Class FunctionTable, Field detail, public static FuncLoader m_functions. (2008)
[Gafter 2006] Neal Gafter's blog, by Neal Gafter. (2006)
[Gamma 1995] Design Patterns: Elements of Reusable Object-Oriented Software, by Erich Gamma, Richard Helm, Ralph Johnson, John M. Vlissides. Addison-Wesley Professional Computing Series. (1995)
[Garms 2001] Professional Java Security, by Jess Garms and Daniel Somerfield. Wrox Press Ltd. (2001)
[Goetz 2002] Java theory and practice: Don't let the "this" reference escape during construction, by Brian Goetz, Principal Consultant, Quiotix. IBM developerWorks (Java technology). (2002)
[Goetz 2004] Java theory and practice: Garbage collection and performance, by Brian Goetz, Principal Consultant, Quiotix. IBM developerWorks (Java technology). (2004)
[Goetz 2004b] Java theory and practice: The exceptions debate: To check, or not to check?, by Brian Goetz, Principal Consultant, Quiotix. IBM developerWorks (Java technology). (2004)
[Goetz 2004c] Java theory and practice: Going atomic, by Brian Goetz, Principal Consultant, Quiotix. IBM developerWorks (Java technology). (2004)
[Goetz 2005] Java theory and practice: Be a good (event) listener, Guidelines for writing and supporting event listeners, by Brian Goetz, Principal Consultant, Quiotix. IBM developerWorks (Java technology). (2005)
[Goetz 2005b] Java theory and practice: Plugging memory leaks with weak references, by Brian Goetz, Principal Consultant, Quiotix. IBM developerWorks (Java technology). (2005)
[Goetz 2006] Java Concurrency in Practice, by Brian Goetz, Tim Peierls, Joshua Bloch, Joseph Bowbeer, David Holmes, Doug Lea. Addison Wesley Professional. (2006)
[Goetz 2006b] Java theory and practice: Good housekeeping practices, by Brian Goetz, Principal Consultant, Quiotix. IBM developerWorks (Java technology). (2006)
[Goetz 2007] Java theory and practice: Managing volatility, Guidelines for using volatile variables, by Brian Goetz, Senior Staff Engineer, Sun Microsystems. IBM developerWorks (Java technology). (2006)
[Goldberg 1991] Goldberg, David. What Every Computer Scientist Should Know About Floating-Point Arithmetic. Sun Microsystems, Inc. March 1991. (1991)
[Gong 2003] Inside Java 2 Platform Security: Architecture, API Design, and Implementation, 2nd edition, by Li Gong, Gary Ellison, and Mary Dageforde. Prentice Hall, The Java Series. (2003)
[Grand 2002] Patterns in Java, Volume 1, Second Edition, by Mark Grand. Wiley. (2002)
[Greanier 2000] Discover the secrets of the Java Serialization API, by Todd Greanier, Sun Developer Network (SDN). (2000)
[Green 2008] Canadian Mind Products Java & Internet Glossary by Roedy Green. (2008)
[Grosso 2001] Java RMI, by William Grosso. O'Reilly. (2001)
[Gupta 2005] Java memory leaks - Catch me if you can, by Satish Chandra Gupta and Rajeev Palanki. (2005)
[Haack 2006] Immutable Objects in Java, by Christian Haack, Erik Poll, Jan Schafer and Aleksy Schubert. (2006)
[Haggar 2000] Practical Java™ Programming Language Guide, by Peter Haggar. Addison-Wesley Professional. (2000)
[Halloway 2000] Java Developer Connection Tech Tips, March 28, 2000, by Stuart Halloway.
[Halloway 2001] Java Developer Connection Tech Tips, January 30, 2001, by Stuart Halloway.
[Harold 1997] Java Secrets by Elliotte Rusty Harold. Wiley. (1997)
[Harold 1999] Java I/O, by Elliotte Rusty Harold. O'REILLY. (1999)
[Harold 2006] Java I/O, by Elliotte Rusty Harold (2nd Edition). O'Reilly. (2006)
[Hawtin 2008] Secure Coding Antipatterns: Preventing Attacks and Avoiding Vulnerabilities by Thomas Hawtin, Sun Microsystems, Inc. Make it Fly 2008, London. (2008)
[Henney 2003] Null Object, Something for Nothing, by Kevlin Henney (2003)
[Hitchens 2002] Java™ NIO, by Ron Hitchens. O'Reilly. (2002)
[Hornig 2007] Advanced Java™ Globalization, by Charles Hornig, Globalization Architect, IBM Corporation. JavaOne Conference. (2007)
[Hovemeyer 2007] Finding more null pointer bugs, but not too many, by David Hovemeyer and William Pugh. Proceedings of the 7th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering. (2007)
[Hunt 1998] Java's reliability: an analysis of software defects in Java, by J. Hunt and F. Long. Software IEE Proceedings. (1998)
[J2SE 2000] Java™ 2 SDK, Standard Edition Documentation, Sun Microsystems, Inc. J2SE Documentation version 1.3, Sun Microsystems, Inc. (2000)
[JarSpec 2008] J2SE Documentation version 1.5, Jar File Specification, Sun Microsystems, Inc. (2000)
[Java 2006] java - the Java application launcher, Sun Microsystems, Inc. (2006)
[Java2NS 1999] Java 2 Network Security, by Marco Pistoia, Duane F. Reller, Deepak Gupta, Milind Nagnur, Ashok K. Ramani. IBM Corporation. (1999)
[JavaGenerics 2004] http://java.sun.com/j2se/1.5.0/docs/guide/language/generics.html, Sun Microsystems, Inc. (2004)
[JavaThreads 1999] Java Threads (2nd Edition), by Scott Oaks and Henry Wong. O'REILLY. (1999)
[JavaThreads 2004] Java Threads (3rd Edition), by Scott Oaks and Henry Wong. O'REILLY. (2004)
[JDK7 2008] Java™ Platform, Standard Edition 7 documentation, Sun Microsystems, Inc., 19 Dec 2008. (2008)
[JLS 2005] Java Language Specification, 3rd edition, by James Gosling, Bill Joy, Guy Steele, and Gilad Bracha. Prentice Hall, The Java Series. The Java Language Specification. (2005)
[JMX 2006] Monitoring and Management for the Java Platform, Sun Microsystems, Inc. (2006)
[JMXG 2006] Java SE Monitoring and Management Guide, Sun Microsystems, Inc. (2006)
[JNI 2006] Java Native Interface, Sun Microsystems, Inc. (2006)
[Jovanovic 2006] Nenad Jovanovic, Christopher Kruegel, Engin Kirda, Pixy: A Static Analysis Tool for Detecting Web Application Vulnerabilities (Short Paper), Proceedings of the 2006 IEEE Symposium on Security and Privacy (S&P'06), p.258-263, May 21-24 (2006)
[JPDA 2004] Java Platform Debugger Architecture (JPDA), Sun Microsystems, Inc. (2004)
[JPL 2006] The Java™ Programming Language, Fourth Edition, by Ken Arnold, James Gosling, David Holmes. Addison Wesley Professional. (2006)
[JSR-133 2004] JSR-133: Java™ Memory Model and Thread Specification. (2004)
[JVMTI 2006] Java Virtual Machine Tool Interface (JVM TI), Sun Microsystems, Inc. (2006)
[JVMSpec 1999] The Java Virtual Machine Specification, Sun Microsystems, Inc. (1999)
[Kabanov 2009] The Ultimate Java Puzzler by Jevgeni Kabanov, Core developer of JavaRebel. February 16th, 2009. (2009)
[Kabutz 2001] The Java Specialists' Newsletter, by Dr. Heinz M. Kabutz. (2001)
[Kalinovsky 2004] Covert Java: Techniques for Decompiling, Patching, and Reverse Engineering, by Alex Kalinovsky. SAMS Publishing. (2004)
[Knoernschild 2001] Java™ Design: Objects, UML, and Process, by Kirk Knoernschild. Addison-Wesley Professional. (2001)
[Lai 2008] Java Insecurity: Accounting for Subtleties That Can Compromise Code, by Charlie Lai, Sun Microsystems (2008)
[Langer 2008] http://www.angelikalanger.com/GenericsFAQ/FAQSections/ProgrammingIdioms.html, Angelika Langer. (2008)
[Lea 2000] Concurrent Programming in Java, 2nd edition, by Doug Lea. Addison Wesley, Sun Microsystems, Inc. (2000)
[Lea 2000b] Correct and Efficient Synchronization of Java™ Technology based Threads, by Doug Lea and William Pugh. JavaOne Conference. (2000)
[Lea 2008] The JSR-133 Cookbook for Compiler Writers, by Doug Lea. (2008)
[Lee 2009] Robust and Scalable Concurrent Programming: Lessons from the Trenches, by Sangjin Lee, Mahesh Somani, & Debashis Saha, eBay Inc. JavaOne Conference. (2009)
[Liang 1997] The Java™ Native Interface, Programmer's Guide and Specification, by Sheng Liang. ADDISON-WESLEY. (1997)
[Liang 1998] Dynamic Class Loading in the Java™ Virtual Machine, by Sheng Liang and Gilad Bracha. Proceedings of the 13th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications. (1998)
[Lieberman 1986] Using prototypical objects to implement shared behavior in object-oriented systems. In: Conference proceedings on Object-oriented programming systems, languages and applications. Portland 1986, p. 214-223 ISSN 0362-1340, by Henry Lieberman, Massachusetts Institute of Technology. (1986)
[Lo 2005] Security Issues in Garbage Collection, by Dr. Chia-Tien Dan Lo, University of Texas at San Antonio, Dr. Witawas Srisa-an, University of Nebraska at Lincoln, Dr. J. Morris Chang, Iowa State University. STSC Crosstalk, October 2005 issue. (2005)
[Long 2005] Software Vulnerabilities in Java, by Fred Long, CMU/SEI-2005-TN-044. (2005)
[Low 1997] Protecting Java Code via Obfuscation, by Douglas Low. (1997)
[Macgregor 1998] Java Network Security, by Robert Macgregor, Dave Durbin, John Owlett and Andrew Yeomans. Prentice Hall. (1998)
[Mahmoud 2002] Compressing and Decompressing Data Using Java APIs, by Qusay H. Mahmoud. Oracle. (2002)
[Mak 2002] Java Number Cruncher, The Java Programmer's Guide to Numerical Computing, by Ronald Mak. Prentice Hall. (2002)
[Manson 2004] JSR 133 (Java Memory Model) FAQ, by Jeremy Manson and Brian Goetz. (2004)
[Manson 2006] The Java™ Memory Model: the building block of concurrency, by Jeremy Manson and William Pugh, JavaOne Conference. (2006)
[Martin 1996] Granularity, by Robert C. Martin. (1996)
[McCluskey 2001] Java Developer Connection Tech Tips, by Glen McCluskey, April 10, 2001. (2001)
[McGraw 2000] Securing Java, Getting Down to Business with Mobile Code, by Gary McGraw and Edward W. Felten. Wiley. (1999)
[Mcgraw 1998] Twelve rules for developing more secure Java code, Gary Mcgraw and Edward Felten, JavaWorld.com. (1998)
[Miller 2009] Java™ Platform Concurrency Gotchas, by Alex Miller, Terracotta. JavaOne Conference. (2009)
[MITRE 2009] Common Weakness Enumeration, MITRE Corporation. (2009)
[Mocha 2007] Mocha, the Java Decompiler (2007)
[Monsch 2006] Ruining Security with java.util.Random Version 1.0, by Jan P. Monsch. (2006)
[MSDN 2009] Using SQL Escape Sequences, Microsoft Corporation. (2009)
[Muchow 2001] MIDlet Packaging with J2ME, by John W. Muchow (2001)
[Müller 2002] Exception Handling: Common Problems and Best Practice with Java 1.4 by Dr. Andreas Müller and Geoffrey Simmons, Sun Microsystems GmbH. (2002)
[Naftalin 2006] Java Generics and Collections, Maurice Naftalin and Philip Wadler, O'Reilly (2006)
[Naftalin 2006b] Java™ Generics and Collections: Tools for Productivity, by Maurice Naftalin, Morningside Light Ltd, Philip Wadler, University of Edinburgh. JavaOne Conference (2007)
[Netzer 1992] What Are Race Conditions? Some Issues and Formalization, by ROBERT H. B. NETZER and BARTON P. MILLER, University of Wisconsin-Madison. (1992)
[Neward 2004] Effective Enterprise Java, by Ted Neward. Addison Wesley Professional. (2004)
[Nisewanger 2007] Avoiding Antipatterns, by Jeff Nisewanger, JavaOne Conference (2007)
[Nolan 2004] Decompiling Java, by Godfrey Nolan, Apress. (2004)
[Oaks 2001] Java Security, by Scott Oaks. O'REILLY. (2001)
[Oracle 2010a] Java SE 6 HotSpot[tm] Virtual Machine Garbage Collection Tuning, Oracle Corporation. (2010)
[OWASP 2005] A Guide to Building Secure Web Applications and Web Services. The Open Web Application Security Project. (2005)
[OWASP 2007] OWASP TOP 10 FOR JAVA EE. The Open Web Application Security Project. (2007)
[OWASP 2008] OWASP. (2008)
[Permissions 2008] Permissions in the Java™ SE 6 Development Kit (JDK), Sun Microsystems, Inc. (2008)
[Philion 2003] Beware the dangers of generic Exceptions, by Paul Philion, JavaWorld.com. (2003)
[Phillips 2005] Are We Counting Bytes Yet? at the 27th Internationalization and Unicode Conference, by Addison P. Phillips. webMethods, Inc. (2005)
[Pistoia 2004] Enterprise Java Security: Building Secure J2EE Applications, by Marco Pistoia, Nataraj Nagaratnam, Larry Koved and Anthony Nadalin. Addison Wesley. (2004)
[Policy 2002] Default Policy Implementation and Policy File Syntax, Document revision 1.6, Sun Microsystems, Inc. (2002)
[Pugh 2004] The Java Memory Model (discussions reference) by William Pugh, Univ. of Maryland. (2004)
[Pugh 2008] Defective Java Code: Turning WTF Code into a Learning Experience, by William Pugh, Univ. of Maryland. JavaOne Conference. (2008)
[Pugh 2009] Defective Java Code: Mistakes That Matter, by William Pugh, Univ. of Maryland. JavaOne Conference. (2009)
[Reasoning 2003] Reasoning Inspection Service Defect Data Tomcat v 1.4.24, Reasoning. 14 Nov 2003. (2003)
[Reflect 2006] Reflection, Sun Microsystems, Inc. (2006)
[Rotem 2008] Fallacies of Distributed Computing Explained, by Arnon Rotem-Gal-Oz. (2008)
[Roubtsov 2003] Breaking Java exception-handling rules is easy, by Vladimir Roubtsov, JavaWorld.com. (2003)
[Roubtsov 2003b] Into the mist of serialization myths, by Vladimir Roubtsov, JavaWorld.com. (2003)
[SCG 2007] Secure Coding Guidelines for the Java Programming Language, version 2.0, Sun Microsystems, Inc. (2007)
[SCG 2009] Secure Coding Guidelines for the Java Programming Language, version 3.0, Sun Microsystems, Inc. (2009)
[Schildt 2007] Herb Schildt's Java Programming Cookbook, Herb Schildt, McGraw-Hill (2007)
[Schneier 2000] Secrets and Lies: Digital Security in a Networked World, by Bruce Schneier. ISBN 0-471-25311-1, John Wiley and Sons. (2000)
[Schoenefeld 2004] Java Vulnerabilities in Opera 7.54 BUGTRAQ Mailing List (bugtraq@securityfocus.com), Nov 2004. (2004)
[Schwarz 2004] Avoiding Checked Exceptions, by Don Schwarz, ONJava (2004)
[Schweisguth 2003] Java Tip 134: When catching exceptions, don't cast your net too wide, by Dave Schweisguth. Javaworld.com. (2003)
[SDN 2008] SUN Developer Network, Sun Microsystems, Inc. (1994-2008)
[Seacord 2005] Seacord, Robert C. Secure Coding in C and C++. Boston, MA: Addison-Wesley. (2005)
See http://www.cert.org/books/secure-coding for news and errata.
[SecArch 2006] Java 2 Platform Security Architecture, Sun Microsystems, Inc. (2006)
[Security 2006] Java Security Guides, Sun Microsystems, Inc. (2006)
[SecuritySpec 2008] http://java.sun.com/j2se/1.5.0/docs/guide/security/spec/security-specTOC.fm.html, Sun Microsystems, Inc. (2008)
[Sen 2007] Avoid the dangers of XPath injection, by Robi Sen, IBM developerWorks. (2007)
[Steel 2005] Core Security Patterns: Best Practices and Strategies for J2EE™, Web Services, and Identity Management, by Christopher Steel, Ramesh Nagappan and Ray Lai. Prentice Hall PTR / Sun Microsystems, Inc. (2005)
[Steinberg 2005] Java Developer Connection Tech Tips "Using the Varargs Language Feature", Daniel H. Steinberg, January 4, 2005. (2005)
[Sterbenz 2006] Secure Coding Antipatterns: Avoiding Vulnerabilities, by Andreas Sterbenz and Charlie Lai, Sun Microsystems. JavaOne Conference. (2006)
[Steuck 2002] XXE (Xml eXternal Entity) attack, by Gregory Steuck (www.securityfocus.com). (2002)
[Sun 1999] Why Are Thread.stop, Thread.suspend, Thread.resume and Runtime.runFinalizersOnExit Deprecated?, Sun Microsystems, Inc. (1999)
[Sun 2003] Sun ONE Application Server 7 Performance Tuning Guide, Sun Microsystems, Inc. (2003)
[Sun 2006] Java™ Platform, Standard Edition 6 documentation, Sun Microsystems, Inc. (2006)
[Sun 2008] Java™ Plug-in and Applet Architecture, Sun Microsystems, Inc. (2008)
[Sutherland 2010] Composable thread coloring, by Dean F. Sutherland and William L. Scherlis. Principles and Practice of Parallel Programming, Proceedings of the 15th ACM SIGPLAN symposium on Principles and practice of parallel programming. (2010)
[Tanenbaum 2003] Andrew S. Tanenbaum, Maarten Van Steen. Distributed Systems: Principles and Paradigms, 2/E. March, 2003. ISBN-10: 0132392275.
[Techtalk 2007] The PhantomReference Menace. Attack of the Clone. Revenge of the Shift., by Josh Bloch and William Pugh, JavaOne Conference. (2007)
[Tomcat 2009] Tomcat documentation, Changelog and Security fixes, the Apache Software Foundation. (2009)
[Tutorials 2008] The Java Tutorials, Sun Microsystems, Inc. (2008)
[Unicode 2009] The Unicode Consortium. The Unicode Standard, Version 5.2.0, defined by: The Unicode Standard, Version 5.2, Mountain View, CA: The Unicode Consortium. ISBN 978-1-936213-00-9. (2009)
[Venners 1997] Security and the class loader architecture Java World.com, by Bill Venners. (1997)
[Venners 2003] Failure and Exceptions, A Conversation with James Gosling, Part II, by Bill Venners. Artima.com. (2003)
[W3C 2008] Extensible Markup Language (XML) 1.0 (Fifth Edition), W3C Recommendation, by Tim Bray, Jean Paoli, C. M. Sperberg-McQueen, Eve Maler and François Yergeau. (2008)
[Ware 2008] Writing Secure Java Code: A Taxonomy of Heuristics and an Evaluation of Static Analysis Tools, Michael S. Ware. (2008)
[Weber 2009] Exploiting Unicode-enabled Software, by Chris Weber, Casaba Security. CanSecWest March 2009. (2009)
[Wheeler 2003] Secure Programming for Linux and Unix HOWTO, David A. Wheeler. (2003)
[Zukowski 2004] Java Developer Connection Tech Tips "Creating Custom Security Permissions", John Zukowski, May 18, 2004. (2004)