Guidelines
MSC00-J. Do not mix generic with non-generic raw types in new code
MSC01-J. Do not use insecure or weak cryptographic algorithms
MSC02-J. Generate strong random numbers
MSC03-J. Never hardcode sensitive information
MSC04-J. Do not use Object.equals() to compare cryptographic keys
MSC05-J. Make sensitive classes noncloneable
MSC07-J. Eliminate class initialization cycles
MSC08-J. Avoid cyclic dependencies between packages
MSC09-J. Carefully design interfaces before releasing them
MSC10-J. Limit the lifetime of sensitive data
MSC11-J. Do not assume infinite heap space
MSC12-J. Prefer using Iterators over Enumerations
MSC13-J. Do not modify the underlying collection when an iteration is in progress
MSC14-J. Finish every set of statements associated with a case label with a break statement
MSC16-J. Address the shortcomings of the Singleton design pattern
MSC17-J. Detect and remove dead code
Risk Assessment Summary
Guideline |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
|---|---|---|---|---|---|
MSC00-J |
low |
probable |
medium |
P4 |
L3 |
MSC01-J |
medium |
probable |
medium |
P8 |
L2 |
MSC02-J |
high |
probable |
medium |
P12 |
L1 |
MSC03-J |
high |
probable |
medium |
P12 |
L1 |
MSC04-J |
high |
unlikely |
low |
P9 |
L2 |
MSC05-J |
medium |
probable |
medium |
P8 |
L2 |
MSC06-J |
low |
unlikely |
high |
P1 |
L3 |
MSC07-J |
low |
unlikely |
medium |
P2 |
L3 |
MSC08-J |
low |
probable |
medium |
P4 |
L3 |
MSC09-J |
low |
probable |
high |
P2 |
L3 |
MSC10-J |
medium |
likely |
medium |
P12 |
L1 |
MSC11-J |
low |
probable |
medium |
P4 |
L3 |
MSC12-J |
low |
unlikely |
medium |
P2 |
L3 |
MSC13-J |
low |
probable |
medium |
P4 |
L3 |
MSC14-J |
medium |
unlikely |
low |
P6 |
L2 |
MSC15-J |
low |
unlikely |
low |
P3 |
L3 |
MSC16-J |
low |
unlikely |
medium |
P2 |
L3 |
SER13-J. Prevent overwriting of Externalizable Objects The CERT Oracle Secure Coding Standard for Java MSC00-J. Do not mix generic with non-generic raw types in new code