Win a copy of Head First Go this week in the Go forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
  • Campbell Ritchie
  • Liutauras Vilda
  • Bear Bibeault
  • Paul Clapham
  • Jeanne Boyarsky
  • Devaka Cooray
  • Junilu Lacar
  • Tim Cooke
Saloon Keepers:
  • Tim Moores
  • Ron McLeod
  • Tim Holloway
  • Claude Moore
  • Stephan van Hulst
  • Winston Gutkowski
  • Carey Brown
  • Frits Walraven

Java Coding Guidelines: 75 Recommendations for Reliable and Secure Programs  RSS feed

Posts: 962
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Title            :Java Coding Guidelines: 75 Recommendations for Reliable and Secure Programs (SEI Series in Software Engineering)
Author/s    : Fred Long, Dhruv Mohindra, Robert C. Seacord, Dean F. Sutherland, David Svoboda
Publisher   : Addison-Wesley Professional
Category   : Advanced Java
Review by : Jeanne Boyarsky
Rating        : 9 horseshoes

This book is a successor to "The CERT Oracle Secure Coding Standard for Java." My biggest gripe with that book was that many of the rules didn't pertain to security. This book was named "Java Coding Guidelines - 75 Recommendations for Reliable and Secure Programs." I like this title much better. Both runtime reliability and maintainability are considered. It's the same authors and style so many good things carry over.

Many of the rules are new including security ones such as XPath injection. The book itself is shorter, but I felt like the picked the most important things to concentrate on. I also found this book easier to read than the predecessor. The CERT specific parts are gone like the severity/likelihood/remediation cost/priority/level. I think this is in recognition that something can be important without being an attack.

I still think the code examples could have been a little clearer. Maybe highlight the differences between the two in longer snippets. I found myself underlining this in pen as I red. Bold would have helped.

I particularly liked the real life example in showing how Oracle themselves fixed some of the vulnerabilities in version 7 of the JDK.

The focus is on core Java (not JEE/web). There are still rules about threading, but not as prominently as the previous title. Overall I think either title is a worthwhile addition to the bookshelf. I slightly prefer "Java Coding Guidelines" to the first edition/CERT title.

Disclosure: I received a copy of this book from the publisher in exchange for writing this review on behalf of CodeRanch.

More info at
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!