View-844: Weaknesses Addressed by The CERT Oracle Secure Coding Standard for Java (2011)

ID: 844

Type: Graph

Status: Obsolete

Objective

CWE entries in this view (graph) are fully or partially eliminated by following the guidance presented in the book "The CERT Oracle Secure Coding Standard for Java" published in 2011. This view is considered obsolete as a newer version of the coding standard is available.

Audience

Software Developers

By following The CERT Oracle Secure Coding Standard for Java, developers will be able to fully or partially prevent the weaknesses that are identified in this view. In addition, developers can use a CWE coverage graph to determine which weaknesses are not directly addressed by the standard, which will help identify and resolve remaining gaps in training, tool acquisition, or other approaches for reducing weaknesses.

Software Customers

If a software developer claims to be following The CERT Oracle Secure Coding Standard for Java, then customers can search for the weaknesses in this view in order to formulate independent evidence of that claim.

Educators

Educators can use this view in multiple ways. For example, if there is a focus on teaching weaknesses, the educator could link them to the relevant Secure Coding Standard.

Membership

CWE-ID	title
CWE-845	The CERT Oracle Secure Coding Standard for Java (2011) Chapter 2 - Input Validation and Data Sanitization (IDS)
CWE-846	The CERT Oracle Secure Coding Standard for Java (2011) Chapter 3 - Declarations and Initialization (DCL)
CWE-847	The CERT Oracle Secure Coding Standard for Java (2011) Chapter 4 - Expressions (EXP)
CWE-848	The CERT Oracle Secure Coding Standard for Java (2011) Chapter 5 - Numeric Types and Operations (NUM)
CWE-849	The CERT Oracle Secure Coding Standard for Java (2011) Chapter 6 - Object Orientation (OBJ)
CWE-850	The CERT Oracle Secure Coding Standard for Java (2011) Chapter 7 - Methods (MET)
CWE-851	The CERT Oracle Secure Coding Standard for Java (2011) Chapter 8 - Exceptional Behavior (ERR)
CWE-852	The CERT Oracle Secure Coding Standard for Java (2011) Chapter 9 - Visibility and Atomicity (VNA)
CWE-853	The CERT Oracle Secure Coding Standard for Java (2011) Chapter 10 - Locking (LCK)
CWE-854	The CERT Oracle Secure Coding Standard for Java (2011) Chapter 11 - Thread APIs (THI)
CWE-855	The CERT Oracle Secure Coding Standard for Java (2011) Chapter 12 - Thread Pools (TPS)
CWE-856	The CERT Oracle Secure Coding Standard for Java (2011) Chapter 13 - Thread-Safety Miscellaneous (TSM)
CWE-857	The CERT Oracle Secure Coding Standard for Java (2011) Chapter 14 - Input Output (FIO)
CWE-858	The CERT Oracle Secure Coding Standard for Java (2011) Chapter 15 - Serialization (SER)
CWE-859	The CERT Oracle Secure Coding Standard for Java (2011) Chapter 16 - Platform Security (SEC)
CWE-860	The CERT Oracle Secure Coding Standard for Java (2011) Chapter 17 - Runtime Environment (ENV)
CWE-861	The CERT Oracle Secure Coding Standard for Java (2011) Chapter 18 - Miscellaneous (MSC)

Notes

Relationship

The relationships in this view were determined based on specific statements within the rules from the standard. Not all rules have direct relationships to individual weaknesses, although they likely have chaining relationships in specific circumstances.

引用

REF-813 The CERT Oracle Coding Standard for Java