\[Abadi 1996\] Prudent Engineering Practice for Cryptographic Protocols, by Martin Abadi and Roger Needham, IEEE Transactions on Software Engineering Volume 22, Issue 1, Jan 1996 Page(s):6 - 15. (1996)

\[API 2006\] [Java Platform, Standard Edition 6 API Specification|http://java.sun.com/javase/6/docs/api/], Sun Microsystems, Inc. (2006)

\[Austin 2000\] [Advanced Programming for the Java 2 Platform|http://java.sun.com/developer/onlineTraining/Programming/JDCBook/index.html#contents], by Calvin Austin and Monica Pawlan, Addison Wesley Longman. (2000)

\[Black 2004\] Paul E. Black and Paul J. Tanenbaum, "partial order", in Dictionary of Algorithms and Data Structures [online], Paul E. Black, ed., U.S. National Institute of Standards and Technology. 17 December 2004. (accessed TODAY) Available from: http://www.itl.nist.gov/div897/sqg/dads/HTML/partialorder.html

\[Black 2006\] Paul E. Black and Paul J. Tanenbaum, "total order", in Dictionary of Algorithms and Data Structures [online], Paul E. Black, ed., U.S. National Institute of Standards and Technology. 30 March 2006. (accessed TODAY) Available from: http://www.itl.nist.gov/div897/sqg/dads/HTML/totalorder.html

\[Bloch 2001\] Effective Java, Programming Language Guide, by Joshua Bloch. Addison Wesley. (2001)

\[Bloch 2005\] Javaâ„¢ Puzzlers: Traps, Pitfalls, and Corner Cases, by Joshua Bloch and Neal Gafter. Pearson Education, Inc. (2005)

\[Bloch 2005b\] [Yet More Programming Puzzlers|http://gceclub.sun.com.cn/java_one_online/2005/TS-3738/], by Joshua Bloch and Neal Gafter. JavaOne Conference. (2005)

\[Bloch 2007\] [Effective Javaâ„¢ Reloaded: This Time It's (not) for Real|http://developers.sun.com/learning/javaoneonline/2007/pdf/TS-2689.pdf], by Joshua Bloch. JavaOne Conference. (2007)
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="7a702b01-1f64-4810-a8d3-d973102ff954"><ac:parameter ac:name="">Bloch 08</ac:parameter></ac:structured-macro>

\[Bloch 2008\] Effective Java, 2nd edition, by Joshua Bloch, Addison Wesley. (2008)

\[Bloch 2009\] [Return of the Puzzlers: Schlock and Awe|http://developers.sun.com/learning/javaoneonline/sessions/2009/pdf/TS-5186.pdf], by Joshua Bloch, Google Inc. and Neal Gafter, Microsoft Corporation. JavaOne Conference. (2009)

\[Boehm 2005\] Finalization, Threads, and the Javaâ„¢ Technology-Based Memory Model, by Hans-J. Boehm. JavaOne Conference. (2005)

\[Campione 1996\] [The Java Tutorial, by Mary Campione and Kathy Walrath|http://www.telecom.ntua.gr/HTML.Tutorials/index.html] (1996)

\[CCITT 1988\] CCITT. CCITT Blue Book, Recommendation X.509 and IS0 9594-8: The Directory-Authentication Framework. Geneva.  (1988)

\[Chan 1999\] The Java Class Libraries: Supplement for the Java 2 Platform, v1.2, second edition, Volume 1, by Patrick Chan, Rosanna Lee, Douglas Kramer. Prentice Hall. (1999)

\[Chess 2007\] Secure Programming with Static Analysis, by Brian Chess and Jacob West. Addison-Wesley Professional. (2007)

\[Christudas 2005\] [Internals of Java Class Loading|http://www.onjava.com/pub/a/onjava/2005/01/26/classloading.html], ONJava. (2005)

\[Conventions 2009\] [Code Conventions for the Java Programming Language|http://java.sun.com/docs/codeconv/]. Sun Microsystems, Inc. (2009)

\[CVE 2008\] Common Vulnerability Exposure, MITRE Corporation. (2008)

\[Coomes 2007\] [Garbage Collection-Friendly Programming|http://developers.sun.com/learning/javaoneonline/2007/pdf/TS-2906.pdf] by John Coomes, Peter Kessler, Tony Printezis. Java SE Garbage Collection Group Sun Microsystems, Inc. JavaOne Conference. (2007)

\[Core Java 2004\] Core Javaâ„¢ 2 Volume I - Fundamentals, Seventh Edition by Cay S. Horstmann, Gary Cornell. Prentice Hall PTR. (2004)

\[Cunningham 1995\] "The CHECKS Pattern Language of Information Integrity", Pattern Languages of Program Design, by Ward Cunningham, edited by James O Coplien and Douglas C Schmidt. Addison-Wesley. (1995)

\[Daconta 2000\] [When Runtime.exec() won't|http://www.javaworld.com/javaworld/jw-12-2000/jw-1229-traps.html], by Michael C. Daconta, JavaWorld.com.  (2000)

\[Daconta 2003\] More Java Pitfalls, by Michael C. Daconta, Kevin T. Smith, Donald Avondolio and W. Clay Richardson. Wiley Publishing Inc. (2003)

\[Unicode 2008\] [Unicode Standard Annex #15, Unicode Normalization Forms|http://unicode.org/reports/tr15/], by Mark Davis and Martin Dürst. (2008)

\[Unicode 2008b\] [Unicode Technical Report #36, Unicode Security Considerations|http://www.unicode.org/reports/tr36/], by Mark Davis and Michel Suignard. (2008)

\[Dormann 2008\] [Signed Java Applet Security: Worse than ActiveX?|http://www.cert.org/blogs/vuls/2008/06/signed_java_security_worse_tha.html], by Will Dormann. CERT Vulnerability Analysis Blog. (2008)

\[Darwin 2004\] Java Cookbook, by Ian F. Darwin (2004)

\[Doshi 2003\] [Best Practices for Exception Handling|http://www.onjava.com/pub/a/onjava/2003/11/19/exceptions.html] by Gunjan Doshi. (2003)

\[Eclipse 2008\] The Eclipse Platform (2008)

\[Encodings 2006\] [Supported Encodings|http://java.sun.com/javase/6/docs/technotes/guides/intl/encoding.doc.html], Sun Microsystems, Inc. (2006)

\[Enterprise 2003\] Java Enterprise Best Practices, by the O'Reilly Java Authors. O'Reilly. (2003)

\[ESA 2005\] [Java Coding Standards|ftp://ftp.estec.esa.nl/pub/wm/wme/bssc/Java-Coding-Standards-20050303-releaseA.pdf], prepared by: European Space Agency (ESA) Board for Software Standardisation and Control (BSSC). (2005)

\[FindBugs 2008\] [FindBugs Bug Descriptions|http://findbugs.sourceforge.net/bugDescriptions.html] (2008)

\[Fisher 2003\] JDBC API Tutorial and Reference, 3rd edition, by Maydene Fisher, Jon Ellis, and Jonathan Bruce, Prentice Hall, The Java Series. (2003)

\[Flanagan 2005\] Java in a Nutshell, 5th edition, by David Flanagan, O'Reilly Media, Inc. (2005)

\[Fortify 2008\] [A Taxonomy of Coding Errors that Affect Security|http://www.fortify.com/vulncat/en/vulncat/index.html] Java/JSP, Fortify Software. (2008)

\[Fox 2001\] When is a Singleton not a Singleton?, by Joshua Fox, Sun Developer Network (SDN) (2001)

\[FT 2008\] [Function Table|http://www.stylusstudio.com/api/xalan-j_2_6_0/org/apache/xpath/compiler/FunctionTable.htm] Class FunctionTable, Field detail, public static FuncLoader m_functions. (2008)

\[Gafter 2006\] [Neal Gafter's blog|http://gafter.blogspot.com/], by Neal Gafter's. (2006)

\[Gamma 1995\] Design Patterns: Elements of Reusable Object-Oriented Software, by Erich Gamma, Richard Helm, Ralph Johnson, John M. Vlissides. Addison-Wesley Professional Computing Series. (1995)

\[Garms 2001\] Professional Java Security, by Jess Garms and Daniel Somerfield. Wrox Press Ltd. (2001)

\[Goetz 2002\] [Java theory and practice: Don't let the "this" reference escape during construction|http://www.ibm.com/developerworks/java/library/j-jtp0618.html], by Brian Goetz, Principal Consultant, Quiotix. IBM developerWorks (Java technology). (2002)

\[Goetz 2004\] [Java theory and practice: Garbage collection and performance|http://www.ibm.com/developerworks/java/library/j-jtp01274.html], by Brian Goetz, Principal Consultant, Quiotix. IBM developerWorks (Java technology). (2004)

\[Goetz 2004b\] [Java theory and practice: The exceptions debate: To check, or not to check?|http://www.ibm.com/developerworks/library/j-jtp05254.html], by Brian Goetz, Principal Consultant, Quiotix. IBM developerWorks (Java technology). (2004)

\[Goetz 2004c\] [Java theory and practice: Going atomic|http://www.ibm.com/developerworks/java/library/j-jtp11234/], by Brian Goetz, Principal Consultant, Quiotix. IBM developerWorks (Java technology). (2004)

\[Goetz 2005\] [Java theory and practice: Be a good (event) listener, Guidelines for writing and supporting event listeners|http://www.ibm.com/developerworks/java/library/j-jtp07265/index.html], by Brian Goetz, Principal Consultant, Quiotix. IBM developerWorks (Java technology). (2005)

\[Goetz 2005b\] [Java theory and practice: Plugging memory leaks with weak references|http://www.ibm.com/developerworks/java/library/j-jtp11225/], by Brian Goetz, Principal Consultant, Quiotix. IBM developerWorks (Java technology). (2005)

\[Goetz 2006\] Java Concurrency in Practice, by Brian Goetz, Tim Peierls, Joshua Bloch, Joseph Bowbeer, David Holmes, Doug Lea. Addison Wesley Professional. (2006)

\[Goetz 2006b\] [Java theory and practice: Good housekeeping practices|http://www.ibm.com/developerworks/java/library/j-jtp03216.html], by Brian Goetz, Principal Consultant, Quiotix. IBM developerWorks (Java technology). (2006)

\[Goetz 2007\] [Java theory and practice: Managing volatility, Guidelines for using volatile variables|http://www.ibm.com/developerworks/java/library/j-jtp06197.html], by Brian Goetz, Senior Staff Engineer, Sun Microsystems. IBM developerWorks (Java technology). (2006)

\[Goldberg 1991\] Goldberg, David. [What Every Computer Scientist Should Know About Floating-Point Arithmetic|http://docs.sun.com/source/806-3568/ncg_goldberg.html]. Sun Microsystems, Inc. March 1991. (1991)

\[Gong 2003\] Inside Java 2 Platform Security: Architecture, API Design, and Implementation, 2nd edition, by Li Gong, Gary Ellison, and Mary Dageforde. Prentice Hall, The Java Series. (2003)

\[Greanier 2000\] [Discover the secrets of the Java Serialization API|http://java.sun.com/developer/technicalArticles/Programming/serialization/], by Todd Greanier, Sun Developer Network (SDN). (2000)

\[Green 2008\] [Canadian Mind Products Java & Internet Glossary|http://mindprod.com/jgloss/jgloss.html] by Roedy Green. (2008)

\[Grosso 2001\] [Java RMI|http://oreilly.com/catalog/javarmi/chapter/ch10.html], by William Grosso. O'Reilly. (2001)

\[Gupta 2005\] [Java memory leaks - Catch me if you can|http://www.ibm.com/developerworks/rational/library/05/0816_GuptaPalanki/], by Satish Chandra Gupta and Rajeev Palanki. (2005)

\[Haack 2006\] [Immutable Objects in Java|https://pms.cs.ru.nl/iris-diglib/src/getContent.php?id=2006-Haack-ObjectsImmutable], by Christian Haack, Erik Poll, Jan Schafer and Aleksy Schubert. (2006)

\[Haggar 2000\] Practical Javaâ„¢ Programming Language Guide, by Peter Haggar. Addison-Wesley Professional. (2000)

\[Halloway 2000\] [Java Developer Connection Tech Tips|http://java.sun.com/developer/TechTips/2000/tt0328.html], March 28, 2000, by Stuart Halloway.

\[Halloway 2001\] [Java Developer Connection Tech Tips|http://java.sun.com/developer/JDCTechTips/2001/tt0130.html], January 30, 2001, by Stuart Halloway.

\[Harold 1997\] Java Secrets by Elliotte Rusty Harold. Wiley. (1997)

\[Harold 1999\] Java I/O, by Elliotte Rusty Harold. O'REILLY. (1999)

\[Harold 2006\] Java I/O, by Elliotte Rusty Harold (2nd Edition). O'Reilley. (2006)

\[Hawtin 2008\] [Secure Coding Antipatterns: Preventing Attacks and Avoiding Vulnerabilities|http://www.makeitfly.co.uk/Presentations/london-securecoding.pdf] by Thomas Hawtin, Sun Microsystems, Inc. Make it Fly 2008, London. (2008)

\[Henney 2003\] [Null Object, Something for Nothing|http://www.two-sdg.demon.co.uk/curbralan/papers/europlop/NullObject.pdf], by Kevlin Henney (2003)

\[Hitchens 2002\] Javaâ„¢ NIO, by Ron Hitchens. O'Reilly. (2002) 

\[Hornig 2007\] [Advanced Javaâ„¢ Globalization|http://developers.sun.com/learning/javaoneonline/2007/pdf/TS-2873.pdf], by Charles Hornig, Globalization Architect, IBM Corporation. JavaOne Conference. (2007)

\[Hovemeyer 2007\] Finding more null pointer bugs, but not too many, by David Hovemeyer and William Pugh. Proceedings of the 7th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering. (2007)

\[Hunt 1998\] Java's reliability: an analysis of software defects in Java, by J. Hunt and F. Long. Software IEE Proceedings. (1998)

\[J2SE 2000\] JavaTM 2 SDK, Standard Edition Documentation, Sun Microsystems, Inc. [J2SE Documentation version 1.3|http://java.sun.com/j2se/1.3/docs/guide/], Sun Microsystems, Inc. (2000)

\[JarSpec 2008\] J2SE Documentation version 1.5, [Jar File Specification|http://java.sun.com/j2se/1.5.0/docs/guide/jar/jar.html], Sun Microsystems, Inc.  (2000)

\[Java 2006\] [java - the Java application launcher|http://java.sun.com/javase/6/docs/technotes/tools/windows/java.html], Sun Microsystems, Inc. (2006)

\[Java2NS 1999\] Java 2 Network Security, by Marco Pistoia, Duane F. Reller, Deepak Gupta, Milind Nagnur, Ashok K. Ramani. IBM Corporation. (1999)

\[JavaGenerics 2004\] \[[http://java.sun.com/j2se/1.5.0/docs/guide/language/generics.html]\], Sun Microsystems, Inc. (2004)

\[JavaThreads 1999\] Java Threads (2nd Edition) by, Scott Oaks and Henry Wong. O'REILLY. (1999)

\[JavaThreads 2004\] Java Threads (3rd Edition) by, Scott Oaks and Henry Wong. O'REILLY. (2004)

\[JDK7 2008\] [Javaâ„¢ Platform, Standard Edition 7 documentation|http://download.java.net/jdk7/docs/], Sun Microsystems, Inc., 19 Dec 2008. (2008)

\[JLS 2005\] Java Language Specification, 3rd edition. by James Gosling, Bill Joy, Guy Steele, and Gilad Bracha. Prentice Hall, The Java Series. [The Java Language Specification.|http://java.sun.com/docs/books/jls/index.html] (2005)

\[JMX 2006\] [Monitoring and Management for the Java Platform|http://java.sun.com/javase/6/docs/technotes/guides/management/index.html], Sun Microsystems, Inc. (2006)

\[JMXG 2006\] [Java SE Monitoring and Management Guide|http://java.sun.com/javase/6/docs/technotes/guides/management/toc.html], Sun Microsystems, Inc. (2006)

\[JNI 2006\] [Java Native Interface|http://java.sun.com/javase/6/docs/technotes/guides/jni/index.html], Sun Microsystems, Inc. (2006)

\[JPDA 2004\] [Java Platform Debugger Architecture (JPDA)|http://java.sun.com/javase/6/docs/technotes/guides/jpda/index.html], Sun Microsystems, Inc. (2004)

\[JPL 2006\] The Javaâ„¢ Programming Language, Fourth Edition, by Ken Arnold, James Gosling, David Holmes. Addison Wesley Professional. (2006)

\[JSR-133 2004\] [JSR-133: JavaTM Memory Model and Thread Specification|http://www.cs.umd.edu/~pugh/java/memoryModel/jsr133.pdf]. (2004)

\[JVMTI 2006\] [Java Virtual Machine Tool Interface (JVM TI)|http://java.sun.com/javase/6/docs/technotes/guides/jvmti/index.html], Sun Microsystems, Inc. (2006)

\[JVMSpec 1999\] [The Java Virtual Machine Specification|http://java.sun.com/docs/books/jvms/], Sun Microsystems, Inc. (1999)

\[Kabanov 2009\] [The Ultimate Java Puzzler|http://dow.ngra.de/2009/02/16/the-ultimate-java-puzzler/] by Jevgeni Kabanov, Core developer of JavaRebel. February 16th, 2009. (2009)

\[Kabutz 2001\] The Java Specialists' Newsletter, by Dr. Heinz M. Kabutz. (2001)

\[Kalinovsky 2004\] Covert Java: Techniques for Decompiling, Patching, and Reverse Engineering, by Alex Kalinovsky. SAMS Publishing.  (2004)

\[Knoernschild 2001\]  Javaâ„¢ Design: Objects, UML, and Process, by Kirk Knoernschild. Addison-Wesley Professional. (2001)

\[Lai 2008\] [Java Insecurity: Accounting for Subtleties That Can Compromise Code, by Charlie Lai, Sun Microsystems|http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=4420062] (2008)

\[Langer 2008\] [http://www.angelikalanger.com/GenericsFAQ/FAQSections/ProgrammingIdioms.html|http://www.angelikalanger.com/GenericsFAQ/FAQSections/ProgrammingIdioms.html], Angelica Langer. (2008)

\[Lea 2000\] Concurrent Programming in Java, 2nd edition, by Doug Lea. Addison Wesley, Sun Microsystems, Inc. (2000)

\[Lea 2000b\] [Correct and Efficient Synchronization of Javaâ„¢ Technology based Threads|http://www.cs.umd.edu/~pugh/java/memoryModel/TS-754.pdf], by Doug Lea and William Pugh. JavaOne Conference. (2000)

\[Lea 2008\] [The JSR-133 Cookbook for Compiler Writers|http://g.oswego.edu/dl/jmm/cookbook.html], by Doug Lea. (2008)

\[Lee 2009\] [Robust and Scalable Concurrent Programming: Lessons from the Trenches|http://developers.sun.com/learning/javaoneonline/sessions/2009/pdf/TS-4620.pdf], by Sangjin Lee, Mahesh Somani, & Debashis Saha, eBay Inc. JavaOne Conference. (2009)

\[Liang 1997\] The Javaâ„¢ Native Interface, Programmer's Guide and Specification, by Sheng Liang. ADDISON-WESLEY. (1997)

\[Liang 1998\] [Dynamic Class Loading in the Javaâ„¢  Virtual Machine|http://portal.acm.org/citation.cfm?doid=286936.286945], by Sheng Liang and Gilad Bracha. Proceedings of the 13th ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications. (1998)

\[Lieberman 1986\] [Using prototypical objects to implement shared behavior in object-oriented systems|http://portal.acm.org/citation.cfm?id=28718]. In: Conference proceedings on Object-oriented programming systems, languages and applications. Portland 1986, p. 214-223 ISSN 0362-1340, by Henry Lieberman, Massachusetts Institute of Technology. (1986) 

\[Long 2005\] [Software Vulnerabilities in Java|http://www.sei.cmu.edu/publications/documents/05.reports/05tn044.html], by Fred Long, CMU/SEI-2005-TN-044. (2005)

\[Lo 2005\] [Security Issues in Garbage Collection|http://www.stsc.hill.af.mil/crosstalk/2005/10/0510DanLo.html], by Dr. Chia-Tien Dan Lo, University of Texas at San Antonio, Dr. Witawas Srisa-an, University of Nebraska at Lincoln, Dr. J. Morris Chang, Iowa State University. STSC Crosstalk, October 2005 issue. (2005)

\[Low 1997\] [Protecting Java Code via Obfuscation|http://www.cs.arizona.edu/~collberg/Research/Students/DouglasLow/obfuscation.html], by Douglas Low. (1997)

\[Macgregor 1998\] Java Network Security, by Robert Macgregor, Dave Durbin, John Owlett and Andrew Yeomans. Prentice Hall. (1998)

\[Mak 2002\] Java Number Cruncher, The Java Programmer's Guide to Numerical Computing, by Ronald Mak. Prentice Hall. (2002)

\[Manson 2004\] [JSR 133 (Java Memory Model) FAQ|http://www.cs.umd.edu/~pugh/java/memoryModel/jsr-133-faq.html#finalRight], by Jeremy Manson and Brian Goetz. (2004)

\[Manson 2006\] [The Javaâ„¢ Memory Model: the building block of concurrency|http://developers.sun.com/learning/javaoneonline/2006/coreplatform/TS-1630.pdf], by Jeremy Manson and William Pugh, JavaOne Conference. (2006)

\[Martin 1996\] [Granularity|http://www.objectmentor.com/resources/articles/granularity.pdf], by Robert C. Martin. (1996)

\[McCluskey 2001\] Java Developer Connection Tech Tips, by Glen McCluskey, April 10, 2001. (2001)

\[McGraw 2000\] Securing Java, Getting Down to Business with Mobile Code, by Gary McGraw and Edward W. Felten. Wiley. (1999)

\[Mcgraw 1998\] [Twelve rules for developing more secure Java code|http://www.javaworld.com/javaworld/jw-12-1998/jw-12-securityrules.html], Gary Mcgraw and Edward Felten, JavaWorld.com. (1998)

\[Miller 2009\] [Javaâ„¢ Platform Concurrency Gotchas|http://developers.sun.com/learning/javaoneonline/sessions/2009/pdf/TS-4863.pdf], by Alex Miller, Terracotta. JavaOne Conference. (2009)

\[MITRE 2009\] [Common Weakness Enumeration|http://cwe.mitre.org/], MITRE Corporation. (2009)

\[Mocha 2007\] [Mocha, the Java Decompiler|http://www.brouhaha.com/~eric/software/mocha/] (2007)

\[Monsch 2006\] [Ruining Security with java.util.Random|http://www.iplosion.com/papers/ruining_security_with_java.util.random_v1.0.p] Version 1.0, by Jan P. Monsch. (2006)

\[MSDN 2009\] [Using SQL Escape Sequences|http://msdn.microsoft.com/en-us/library/ms378045(SQL.90).aspx], Microsoft Corporation. (2009)

\[Muchow 2001\] [MIDlet Packaging with J2ME|http://www.onjava.com/pub/a/onjava/2001/04/26/midlet.html], by John W. Muchow (2001)

\[Müller 2002\] [Exception Handling: Common Problems and Best Practice with Java 1.4|http://www.old.netobjectdays.org/pdf/02/papers/industry/1430.pdf] by Dr. Andreas Müller and Geoffrey Simmons, Sun Microsystems GmbH. (2002)

\[Naftalin 2006\] Java Generics and Collections, Maurice Naftalin and  Philip Wadler, O'Reilly (2006)

\[Naftalin 2006b\] [Javaâ„¢ Generics and Collections: Tools for Productivity|http://gceclub.sun.com.cn/java_one_online/2007/pdf/TS-2890.pdf], by Maurice Naftalin, Morningside Light Ltd, Philip Wadler, University of Edinburgh. JavaOne Conference (2007)

\[Netzer 1992\] [What Are Race Conditions? Some Issues and Formalization|http://portal.acm.org/citation.cfm?id=130616.130623], by ROBERT H. B. NETZER and BARTON P. MILLER, University of Wisconsin — Madison. (1992)

\[Neward 2004\] Effective Enterprise Java, by Ted Neward. Addison Wesley Professional. (2004)

\[Nisewanger 2007\] [Avoiding Antipatterns, by Jeff Nisewanger, JavaOne Conference|http://developers.sun.com/learning/javaoneonline/2007/pdf/TS-2594.pdf] (2007)

\[Nolan 2004\] Decompiling Java, by Godfrey Nolan, [Apress|http://www.apress.com/]. (2004)

\[Oaks 2001\] Java Security, by Scott Oaks. O'REILLY. (2001)

\[Oracle 2010a\] [Java SE 6 HotSpot\[tm\] Virtual Machine Garbage Collection Tuning|http://java.sun.com/javase/technologies/hotspot/gc/gc_tuning_6.html], Oracle Corporation.  (2010)

\[OWASP 2005\] [A Guide to Building Secure Web Applications and Web Services|http://internap.dl.sourceforge.net/sourceforge/owasp/OWASPGuide2.0.1.pdf]. The Open Web Application Security Project. (2005)

\[OWASP 2007\] [OWASP TOP 10 FOR JAVA EE|https://www.owasp.org/images/8/89/OWASP_Top_10_2007_for_JEE.pdf]. The Open Web Application Security Project. (2007)

\[OWASP 2008\] [OWASP|http://www.owasp.org/index.php/Main_Page]. (2008)

\[Patterns 2002\] Patterns in Java, Volume 1, Second Edition, by Mark Grand. Wiley. (2002)

\[Permissions 2008\] [Permissions in the Javaâ„¢ SE 6 Development Kit (JDK)|http://java.sun.com/javase/6/docs/technotes/guides/security/permissions.html], Sun Microsystems, Inc. (2008)

\[Philion 2003\] [Beware the dangers of generic Exceptions|http://www.javaworld.com/javaworld/jw-10-2003/jw-1003-generics.html?page=2#sidebar1], by Paul Philion, JavaWorld.com. (2003)

\[Phillips 2005\] [Are We Counting Bytes Yet?|http://www.inter-locale.com/whitepaper/IUC27-a303.html] at the 27th Internationalization and Unicode Conference, by by Addison P. Phillips. webMethods, Inc. (2005)

\[Pistoia 2004\] Enterprise Java Security: Building Secure J2EE Applications, by Marco Pistoia, Nataraj Nagaratnam, Larry Koved and Anthony Nadalin. Addison Wesley. (2004)

\[Policy 2002\] [Default Policy Implementation and Policy File Syntax|http://java.sun.com/javase/6/docs/technotes/guides/security/PolicyFiles.html], Document revision 1.6, Sun Microsystems, Inc. (2002)

\[Pugh 2008\] [Defective Java Code: Turning WTF Code into a Learning Experience|http://developers.sun.com/learning/javaoneonline/2008/pdf/TS-6589.pdf?cid=925745], by William Pugh, Univ. of Maryland. JavaOne Conference. (2008)

\[Pugh 2004\] [The Java Memory Model (discussions reference)|http://www.cs.umd.edu/~pugh/java/memoryModel/] by William Pugh, Univ. of Maryland. (2004)

\[Pugh 2009\] [Defective Java Code: Mistakes That Matter|http://developers.sun.com/learning/javaoneonline/sessions/2009/pdf/TS-5335.pdf], by William Pugh, Univ. of Maryland. JavaOne Conference. (2009)

\[Reasoning 2003\] [Reasoning Inspection Service Defect Data Tomcat v 1.4.24|http://www.reasoning.com/pdf/Tomcat_Defect_Report.pdf], Reasoning. 14 Nov 2003. (2003)

\[Reflect 2006\] [Reflection|http://java.sun.com/javase/6/docs/technotes/guides/reflection/index.html], Sun Microsystems, Inc. (2006)

\[Rotem 2008\] [Fallacies of Distributed Computing Explained|http://www.rgoarchitects.com/Files/fallacies.pdf], by Arnon Rotem-Gal-Oz. (2008)

\[Roubtsov 2003\] [Breaking Java exception-handling rules is easy|http://www.javaworld.com/javaworld/javaqa/2003-02/02-qa-0228-evilthrow.html], by Vladimir Roubtsov, JavaWorld.com.  (2003)

\[Roubtsov 2003b\] [Into the mist of serialization myths|http://www.javaworld.com/javaworld/javaqa/2003-06/02-qa-0627-mythser.html?page=1], by Vladimir Roubtsov, JavaWorld.com.  (2003)

\[Schneier 2000\] Secrets and Lies—Digital Security in a Networked World , by Bruce Schneier. ISBN 0-471-25311-1, John Wiley and Sons. (2000)

\[SCG 2007\] [Secure Coding Guidelines for the Java Programming Language, version 2.0], Sun Microsystems, Inc. (2007)

\[SCG 2009\] [Secure Coding Guidelines for the Java Programming Language, version 3.0|http://java.sun.com/security/seccodeguide.html], Sun Microsystems, Inc. (2009)

\[Schildt 2007\] Herb Schildt's Java Programming Cookbook, Herb Schildt, McGraw-Hill (2007)

\[Schwarz 2004\] [Avoiding Checked Exceptions|http://www.oreillynet.com/onjava/blog/2004/09/avoiding_checked_exceptions.html], by Don Schwarz, ONJava (2004)

\[Schoenefeld 2004\] Java Vulnerabilities in Opera 7.54  BUGTRAQ Mailing List (bugtraq@securityfocus.com), Nov 2004. (2004)

\[Schweisguth 2003\] [Java Tip 134: When catching exceptions, don't cast your net too wide|http://www.javaworld.com/javaworld/javatips/jw-javatip134.html?page=2], by  Dave Schweisguth. Javaworld.com. (2003)

\[Seacord 2005\] Seacord, Robert C. _Secure Coding in C and C+\+_. Boston, MA: Addison-Wesley. (2005)

\[SecArch 2006\] [Java 2 Platform Security Architecture|http://java.sun.com/javase/6/docs/technotes/guides/security/spec/security-spec.doc.html], Sun Microsystems, Inc. (2006)

\[Security 2006\] [Java Security Guides|http://java.sun.com/javase/6/docs/technotes/guides/security/], Sun Microsystems, Inc. (2006)

\[SecuritySpec 2008\] [http://java.sun.com/j2se/1.5.0/docs/guide/security/spec/security-specTOC.fm.html], Sun Microsystems, Inc. (2008)

\[Steel 2005\] Core Security Patterns: Best Practices and Strategies for J2EEâ„¢, Web Services, and Identity Management, by Christopher Steel, Ramesh Nagappan and Ray Lai. Prentice Hall PTR / Sun Microsystems, Inc. (2005)

\[Sterbenz 2006\] [Secure Coding Antipatterns: Avoiding Vulnerabilities|http://gceclub.sun.com.cn/java_one_online/2006/TS-1238/TS-1238.pdf], by Andreas Sterbenz and Charlie Lai, Sun Microsystems. JavaOne Conference. (2006)

\[Steuck 2002\] [XXE (Xml eXternal Entity) attack|http://www.securityfocus.com/archive/1/297714], by Gregory Steuck (www.securityfocus.com). (2002)
<ac:structured-macro ac:name="anchor" ac:schema-version="1" ac:macro-id="a00d190d-1ce7-43e7-8ae0-328d4028044c"><ac:parameter ac:name="">SDN 08</ac:parameter></ac:structured-macro>

\[SDN 2008\] [SUN Developer Network|http://developers.sun.com/], Sun Microsystems, Inc. (1994-2008)

\[Sen 2007\] [Avoid the dangers of XPath injection|http://www.ibm.com/developerworks/xml/library/x-xpathinjection.html], by Robi Sen, IBM developerWorks. (2007)

\[Steinberg 2005\] [Java Developer Connection Tech Tips "Using the Varargs Language Feature"|http://java.sun.com/developer/JDCTechTips/2005/tt0104.html], Daniel H. Steinberg, January 4, 2005. (2005)

\[Sun 2003\] [Sun ONE Application Server 7 Performance Tuning Guide|http://docs.sun.com/source/817-2180-10/], Sun Microsystems, Inc. (2003)

\[Sun 1999\] [Why Are Thread.stop, Thread.suspend, Thread.resume and Runtime.runFinalizersOnExit Deprecated?|http://java.sun.com/j2se/1.4.2/docs/guide/misc/threadPrimitiveDeprecation.html], Sun Microsystems, Inc. (1999)

\[Sun 2006\] [Javaâ„¢ Platform, Standard Edition 6 documentation|http://java.sun.com/javase/6/docs/index.html], Sun Microsystems, Inc. (2006)

\[Sun 2008\] [Javaâ„¢  Plug-in and Applet Architecture|http://java.sun.com/javase/6/docs/technotes/guides/jweb/applet/applet_execution.html], Sun Microsystems, Inc. (2008)

\[Sutherland 2010\] [Composable thread coloring|http://portal.acm.org/citation.cfm?doid=1693453.1693485], by Dean F. Sutherland and William L. Scherlis. Principles and Practice of Parallel Programming, Proceedings of the 15th ACM SIGPLAN symposium on Principles and practice of parallel programming. (2010)

\[Tanenbaum 2003\] Andrew S. Tanenbaum, Maarten Van Steen. [Distributed Systems: Principles and Paradigms, 2/E|http://www.pearsonhighered.com/educator/academic/product/0,,0132392275,00%2ben-USS_01DBC.html]. March, 2003. ISBN-10: 0132392275.

\[Techtalk 2007\] [The PhantomReference Menace. Attack of the Clone. Revenge of the Shift.|http://developers.sun.com/learning/javaoneonline/2007/pdf/TS-2707.pdf], by Josh Bloch and William Pugh, JavaOne Conference. (2007)

\[Tomcat 2009\] Tomcat documentation, [Changelog|http://tomcat.apache.org/tomcat-6.0-doc/changelog.html] and [Security fixes|http://tomcat.apache.org/security-6.html], the Apache Software Foundation. (2009)

\[Tutorials 2008\] [The Java Tutorials|http://java.sun.com/docs/books/tutorial/index.html], Sun Microsystems, Inc. (2008)

\[Venners 1997\] [Security and the class loader architecture|http://www.javaworld.com/javaworld/jw-09-1997/jw-09-hood.html?page=1] Java World.com, by Bill Venners. (1997)

\[Venners 2003\] [Failure and Exceptions, A Conversation with James Gosling, Part II|http://www.artima.com/intv/solid.html], by Bill Venners. Artima.com. (2003)

\[W3C 2008\] [Extensible Markup Language (XML) 1.0 (Fifth Edition)|http://www.w3.org/TR/REC-xml/#include-if-valid], W3C Recommendation, by Tim Bray, Jean Paoli, C. M. Sperberg-McQueen, Eve Maler and François Yergeau. (2008)

\[Ware 2008\] [Writing Secure Java Code:A Taxonomy of Heuristics and an Evaluation of Static Analysis Tools|http://peregrin.jmu.edu/~warems/securejavacode.html], Michael S. Ware. (2008)

\[Weber 2009\] [Exploiting Unicode-enabled Software|http://www.lookout.net/wp-content/uploads/2009/03/chris_weber_exploiting-unicode-enabled-software-v15.pdf], by Chris Weber, Casaba Security. CanSecWest March 2009. (2009) 

\[Wheeler 2003\] [Secure Programming for Linux and Unix HOWTO|http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/index.html], David A. Wheeler. (2003)

\[Zukowski 2004\] [Java Developer Connection Tech Tips "Creating Custom Security Permissions"|http://java.sun.com/developer/JDCTechTips/2004/tt0518.html#2], John Zukowski, May 18, 2004. (2004)