Don’t Be Pwned: A Short Course on Secure Programming in Java

Presentation
In this presentation, the developers of the CERT Oracle Secure Coding Standard for Java present real exploits that have compromised Java programs in the field.
Publisher

Software Engineering Institute

Abstract

Security was a key component of Java's original design. In the years since, the standard libraries, frameworks, and containers that have been built have all had to deal with security. The mere presence of these facilities, however, is insufficient to ensure security automatically. A set of standard practices has evolved over the years; the CERT® Oracle® Secure Coding Standard for Java™ is a compendium of these practices.