Java Coding Guidelines: How did it begin?

 
Ranch Hand
Fred, or any of the others who want to answer,
What brought you and the others to write this book at this time? Not currently being a security guy, I imagine there is a wealth of knowledge out there on the topic of security in Java. What were the motivating factors that brought your group together to make this book happen? Was it a deficiency you saw in the current literature for Java in security?

 
Author
Hi Kent,

Kent O. Johnson wrote:
What brought you and the others to write this book at this time?



Back in 2008 we realized the need for a community-vetted secure coding standard for developing secure Java-based applications. This resulted in The CERT Oracle Secure Coding Standard for Java (AW, 2012). The rules were developed with community input on CERT's Secure Coding Wiki, where they have always been available for free reading.

That said, we became equipped with evidence that there is a set of coding guidelines that, if followed, result in more reliable and secure code that is also easier to maintain. This book is an effort to document best practices so that a reader becomes acquainted with the basic / advanced set of skills expected from a competent programmer.


What were the motivating factors that brought your group together to make this book happen? Was it a deficiency you saw in the current literature for Java in security?



We did an extensive literature survey and found pieces about Java best practices scattered across various papers, a few current and some dated books. Some of the sources were current and useful; however, we had to connect the dots to put together the book.

There are areas that have received less focus, for example, how do you groom an entry-level programmer who has just finished school so that he can write enterprise-grade code? One aim of the JCG book is to reach out to the eager learner and the practicing professional so that they can supplement their knowledge to build robust software.
 
Kent Bull
Ranch Hand
Dhruv,

It is nice to have some people who will do the work that your team did. I especially liked how you put

how do you groom an entry-level programmer who has just finished school so that he can write enterprise-grade code?



I am working to get to the state of an entry-level programmer, so I won't understand the whole depth of the JCG book yet. But I do appreciate you expounding the context from which your team decided to create the JCG book.
 
Marshal

Dhruv Mohindra wrote: . . . how do you groom an entry-level programmer . . .

I know some of the headings in the ToC for your book are what you would consider common‑or‑garden good programming practice. Examples 22‑25 and 50‑56 fall into that category.
To what extent do you think there is failure to understand such good practice in new graduates? Does it differ from people who have done SCJP/OCPJP?
 