Recommendations

MSC00-J. Eliminate class initialization cycles

MSC01-J. Avoid memory leaks

MSC02-J. Avoid cyclic dependencies between packages

MSC03-J. Prefer using Iterators over Enumerations

MSC04-J. Carefully design interfaces before releasing them

MSC05-J. Do not mix generic with non-generic raw types in new code

MSC08-J. Finish every set of statements associated with a case label with a break statement

MSC09-J. Do not assume infinite heap space

MSC11-J. Limit the lifetime of sensitive data

MSC12-J. Do not use insecure or weak cryptographic algorithms

Rules

MSC30-J. Generate truly random numbers

MSC31-J. Never hardcode sensitive information

MSC37-J. Make sensitive classes noncloneable

MSC38-J. Do not modify the underlying collection when an iteration is in progress

MSC45-J. Do not base critical decisions on IP addresses or DNS lookups

MSC46-J. Do not use Object.equals() to compare cryptographic keys

Risk Assessment Summary

Recommendations

| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| MSC00-J | low | unlikely | medium | P2 | L3 |
| MSC01-J | low | unlikely | high | P1 | L3 |
| MSC02-J | low | probable | medium | P4 | L3 |
| MSC03-J | low | probable | medium | P4 | L3 |
| MSC04-J | low | unlikely | medium | P2 | L3 |
| MSC05-J | low | probable | high | P2 | L3 |
| MSC06-J | low | probable | medium | P4 | L3 |
| MSC07-J | medium | probable | high | P4 | L3 |
| MSC08-J | medium | unlikely | low | P6 | L2 |
| MSC09-J | low | probable | medium | P4 | L3 |

Rules

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| MSC30-J | high | probable | medium | P12 | L1 |
| MSC31-J | high | probable | medium | P12 | L1 |
| MSC32-J | high | probable | medium | P12 | L1 |
| MSC33-J | medium | probable | high | P4 | L3 |
| MSC34-J | medium | probable | medium | P8 | L2 |
| MSC35-J | medium | probable | medium | P8 | L2 |
| MSC36-J | low | unlikely | high | P1 | L3 |
| MSC37-J | medium | probable | medium | P8 | L2 |
| MSC38-J | low | probable | medium | P4 | L3 |

