Title :Java Coding Guidelines: 75 Recommendations for Reliable and Secure Programs (SEI Series in Software Engineering)
Author/s : Fred Long, Dhruv Mohindra, Robert C. Seacord, Dean F. Sutherland, David Svoboda
Publisher : Addison-Wesley Professional
Category : Advanced Java Review by : Jeanne Boyarsky
Rating : 9 horseshoes
This book is a successor to "The CERT Oracle Secure Coding Standard for Java." My biggest gripe with that book was that many of the rules didn't pertain to security. This book was named "Java Coding Guidelines - 75 Recommendations for Reliable and Secure Programs." I like this title much better. Both runtime reliability and maintainability are considered. It's the same authors and style so many good things carry over.
Many of the rules are new including security ones such as XPath injection. The book itself is shorter, but I felt like the picked the most important things to concentrate on. I also found this book easier to read than the predecessor. The CERT specific parts are gone like the severity/likelihood/remediation cost/priority/level. I think this is in recognition that something can be important without being an attack.
I still think the code examples could have been a little clearer. Maybe highlight the differences between the two in longer snippets. I found myself underlining this in pen as I red. Bold would have helped.
I particularly liked the real life example in showing how Oracle themselves fixed some of the vulnerabilities in version 7 of the JDK.
The focus is on core Java (not JEE/web). There are still rules about threading, but not as prominently as the previous title. Overall I think either title is a worthwhile addition to the bookshelf. I slightly prefer "Java Coding Guidelines" to the first edition/CERT title.
Disclosure: I received a copy of this book from the publisher in exchange for writing this review on behalf of CodeRanch.