The CERT Oracle Secure Coding Standard for Java

Author/s: Fred Long et al.
Publisher: Addison-Wesley Professional
Category: Advanced Java
Review by: Jeanne Boyarsky
Rating: 8 horseshoes

"The CERT Oracle Secure Coding Standard for Java." The name says it all. This is a book about security, no? Actually, it is not. It is a book about security and quality. The authors don't define security in quite the same way I do. For example, calling string.replace() and ignoring the result is incorrect. However, it is a quality issue. I'm not convinced of the relationship to security.

In any case, the practices are excellent. They are clearly documented in the form of:
  • attack/flaw
  • bad code example
  • good code example

I think the code examples could have been a little clearer. Maybe highlight the differences between the two in longer snippets.

I particularly liked the tables where they show severity, likelihood, cost to fix, priority and level. I also like that they call attention to which can be easily found by static analysis.

The focus is on core Java (not JEE/web) and a lot of emphasis is placed on threading. The book calls attention to different versions of Java and includes Java 7. Overall, a worthwhile addition to the bookshelf.

---
Disclosure: I received a copy of this book from the publisher in exchange for writing this review on behalf of CodeRanch.

More info at Amazon.com