Recommendations
FIO00-J. Validate deserialized objects
FIO01-J. Canonicalize path names originating from untrusted sources
FIO02-J. Use Runtime.exec() correctly
FIO04-J. Understand the limitations of the logging framework
FIO05-J. Document character encoding while performing file IO
Rules
FIO31-J. Create a copy of mutable inputs
FIO32-J. Do not serialize sensitive data
FIO33-J. Do not allow serialization and deserialization to bypass the Security Manager
FIO34-J. Ensure all resources are properly closed when they are no longer needed
FIO35-J. Exclude user input from format strings
FIO36-J. Never hardcode sensitive information
FIO37-J. Do not assume infinite heap space when reading in data
Risk Assessment Summary
Recommendations
| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| FIO00-J | medium | probable | high | P4 | L3 |
| FIO01-J | high | probable | high | P6 | L2 |
| FIO02-J | high | probable | high | P6 | L2 |
| FIO06-J | medium | probable | high | P4 | L3 |
Rules
| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| FIO31-J | medium | probable | high | P4 | L3 |
| FIO32-J | medium | likely | high | P6 | L2 |
| FIO33-J | high | probable | high | P6 | L2 |
| FIO35-J | medium | probable | high | P4 | L3 |