Author/s : Fred Long et al
Publisher : Addison-Wesley Professional
Category : Advanced Java
Review by : Jeanne Boyarsky
Rating : 8 horseshoes
"The CERT Oracle Secure Coding Standard for Java." The name says it all. This is a book about security, no? Actually, it is not. It is a book about security and quality. The authors don't define security in quite the same way I do. For example, calling String.replace() and ignoring the result is incorrect. However, it is a quality issue. I'm not convinced of the relationship to security.
In any case, the practices are excellent. They are clearly documented in the form of:
bad code example
good code example
I think the code examples could have been a little clearer. Maybe highlight the differences between the two in longer snippets.
I particularly liked the tables where they show severity, likelihood, cost to fix, priority and level. I also like that they call attention to which can be easily found by static analysis.
The focus is on core Java (not JEE/web), and a lot of emphasis is placed on threading. The book calls attention to different versions of Java and includes Java 7. Overall, a worthwhile addition to the bookshelf.
Disclosure: I received a copy of this book from the publisher in exchange for writing this review on behalf of CodeRanch.