• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Java Coding Guidelines: 75 Recommendations for Reliable and Secure Programs

 
Bartender
Posts: 962
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Title            :Java Coding Guidelines: 75 Recommendations for Reliable and Secure Programs (SEI Series in Software Engineering)
Author/s    : Fred Long, Dhruv Mohindra, Robert C. Seacord, Dean F. Sutherland, David Svoboda
Publisher   : Addison-Wesley Professional
Category   : Advanced Java
Review by : Jeanne Boyarsky
Rating        : 9 horseshoes

This book is a successor to "The CERT Oracle Secure Coding Standard for Java." My biggest gripe with that book was that many of the rules didn't pertain to security. This book was named "Java Coding Guidelines - 75 Recommendations for Reliable and Secure Programs." I like this title much better. Both runtime reliability and maintainability are considered. It's the same authors and style so many good things carry over.

Many of the rules are new including security ones such as XPath injection. The book itself is shorter, but I felt like the picked the most important things to concentrate on. I also found this book easier to read than the predecessor. The CERT specific parts are gone like the severity/likelihood/remediation cost/priority/level. I think this is in recognition that something can be important without being an attack.

I still think the code examples could have been a little clearer. Maybe highlight the differences between the two in longer snippets. I found myself underlining this in pen as I red. Bold would have helped.

I particularly liked the real life example in showing how Oracle themselves fixed some of the vulnerabilities in version 7 of the JDK.

The focus is on core Java (not JEE/web). There are still rules about threading, but not as prominently as the previous title. Overall I think either title is a worthwhile addition to the bookshelf. I slightly prefer "Java Coding Guidelines" to the first edition/CERT title.


---
Disclosure: I received a copy of this book from the publisher in exchange for writing this review on behalf of CodeRanch.

More info at Amazon.com
 
Don't get me started about those stupid light bulbs.
reply
    Bookmark Topic Watch Topic
  • New Topic