View-1133: Weaknesses Addressed by the SEI CERT Oracle Coding Standard for Java

ID: 1133

Type: Graph

Status: Stable

Objective

CWE entries in this view (graph) are fully or partially eliminated by following the guidance presented in the online wiki that reflects that current rules and recommendations of the SEI CERT Oracle Coding Standard for Java.

Audience

Software Developers

By following the SEI CERT Oracle Coding Standard for Java, developers will be able to fully or partially prevent the weaknesses that are identified in this view. In addition, developers can use a CWE coverage graph to determine which weaknesses are not directly addressed by the standard, which will help identify and resolve remaining gaps in training, tool acquisition, or other approaches for reducing weaknesses.

Software Customers

If a software developer claims to be following the SEI CERT Oracle Secure Coding Standard for Java, then customers can search for the weaknesses in this view in order to formulate independent evidence of that claim.

Educators

Educators can use this view in multiple ways. For example, if there is a focus on teaching weaknesses, the educator could link them to the relevant Secure Coding Standard.

Membership

CWE-ID title
CWE-1134 SEI CERT Oracle Java安全编码标准-准则00.输入验证和数据清理(IDS)
CWE-1135 SEI CERT Oracle Java安全编码标准-准则01.声明和初始化(DCL)
CWE-1136 SEI CERT Oracle Java安全编码标准-准则02.表达式(EXP)
CWE-1137 SEI CERT Oracle Java安全编码标准-准则03.数值类型和运算(NUM)
CWE-1138 SEI CERT Oracle Java安全编码标准-准则04.字符和字符串(STR)
CWE-1139 SEI CERT Oracle Java安全编码标准-准则05.对象方向(OBJ)
CWE-1140 SEI CERT Oracle Java安全编码标准-指南06.方法(MET)
CWE-1141 SEI CERT Oracle Java安全编码标准-准则07.异常行为(ERR)
CWE-1142 SEI CERT Oracle Java安全编码标准-准则08.可见性和原子性(VNA)
CWE-1143 SEI CERT Oracle Java安全编码标准-指南09.锁定(LCK)
CWE-1144 SEI CERT Oracle Java安全编码标准-准则10.线程API(THI)
CWE-1145 SEI CERT Oracle Java安全编码标准-准则11.线程池(TPS)
CWE-1146 SEI CERT Oracle Java安全编码标准-准则12.线程安全杂项(TSM)
CWE-1147 SEI CERT Oracle Java安全编码标准-准则13.输入输出(FIO)
CWE-1148 SEI CERT Oracle Java安全编码标准-准则14.序列化(SER)
CWE-1149 SEI CERT Oracle Java安全编码标准-准则15.平台安全性(SEC)
CWE-1150 SEI CERT Oracle Java安全编码标准-准则16.运行时环境(ENV)
CWE-1151 SEI CERT Oracle Java安全编码标准-准则17.Java本机接口(JNI)
CWE-1152 SEI CERT Oracle Java安全编码标准-准则49.其他(MSC)
CWE-1153 SEI CERT Oracle Java安全编码标准-准则50.安卓(DRD)
CWE-1175 SEI CERT Oracle Java安全编码标准-准则18.并发性(CON)

Notes

Relationship

The relationships in this view were determined based on specific statements within the rules from the standard. Not all rules have direct relationships to individual weaknesses, although they likely have chaining relationships in specific circumstances.

引用

REF-970 SEI CERT Oracle Coding Standard for Java