Skip to main content
assistive.skiplink.to.breadcrumbs
assistive.skiplink.to.header.menu
assistive.skiplink.to.action.menu
assistive.skiplink.to.quick.search

08. Concurrency (CON)

Created by Dhruv Mohindra, last modified on May 11, 2009

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Recommendations

CON00-J. Use synchronization judiciously

CON01-J. Avoid using ThreadGroup APIs

CON02-J. Facilitate thread reuse by using Thread Pools

CON03-J. Do not subclass Thread if you can use a Runnable instead

Rules

CON30-J. Synchronize access to shared mutable variables

CON31-J. Always invoke the wait() method inside a loop

CON32-J. Prefer notifyAll() to notify()

CON33-J. Address the shortcomings of the Singleton design pattern

CON34-J. Avoid deadlock by requesting fine-grained locks in the proper order

CON35-J. Do not try to force thread shutdown

CON36-J. Always synchronize on the appropriate object

CON37-J. Never apply a lock to methods making network calls

Risk Assessment Summary

Recommendations

Recommendation	Severity	Likelihood	Remediation Cost	Priority	Level
CON00-J	low	unlikely	high	P1	L3
CON01-J	low	unlikely	low	P3	L3
CON02-J	low	probable	high	P2	L3

Rules

Rules	Severity	Likelihood	Remediation Cost	Priority	Level
CON30-J	medium	probable	medium	P8	L2
CON31-J	low	unlikely	medium	P2	L3
CON32-J	low	unlikely	medium	P2	L3
CON33-J	low	unlikely	medium	P2	L3
CON34-J	low	unlikely	high	P1	L3
CON35-J	low	unlikely	medium	P2	L3
CON37-J	low	likely	high	P3	L3

FIO35-J. Exclude user input from format strings The CERT Sun Microsystems Secure Coding Standard for Java CON00-J. Use synchronization judiciously

No labels