 
                            Guidelines
ENV00-J. Do not sign code that performs only unprivileged operations
ENV07-J. Do not deploy an application that can be accessed by the JVM Tool Interface
ENV03-J. Limit remote uses of JVM Monitoring and Managing
ENV04-J. Place all privileged code in a single package and seal the package
ENV02-J. Create a secure sandbox using a Security Manager
ENV31-J. Never grant AllPermission to untrusted code
ENV32-J. Do not grant ReflectPermission with target suppressAccessChecks
ENV33-J. Do not grant RuntimePermission with target createClassLoader
ENV34-J. Do not disable bytecode verification
ENV35-J. Provide a trusted environment and sanitize all inputs
Risk Assessment Summary
Recommendations
| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level | 
|---|---|---|---|---|---|
| ENV00- J | high | probable | medium | P12 | L1 | 
| ENV01- J | low | unlikely | medium | P2 | L3 | 
| ENV02- J | high | probable | medium | P12 | L1 | 
| ENV03- J | high | probable | low | P18 | L1 | 
| ENV04- J | high | probable | medium | P12 | L1 | 
Rules
| Rule | Severity | Likelihood | Remediation Cost | Priority | Level | 
|---|---|---|---|---|---|
| ENV30- J | high | probable | low | P18 | L1 | 
| ENV31- J | high | likely | low | P27 | L1 | 
| ENV32- J | high | probable | low | P18 | L1 | 
| ENV33- J | high | probable | low | P18 | L1 | 
| ENV34- J | high | likely | low | P27 | L1 | 
| ENV35- J | high | probable | medium | P12 | L1 | 
00. Introduction The CERT Sun Microsystems Secure Coding Standard for Java