Hi Kent,
Kent O. Johnson wrote:
What brought you and the others to write this book at this time?
Back in 2008 we realized the need for a community-vetted secure coding standard for developing secure Java-based applications. This resulted in The CERT Oracle Secure Coding Standard for Java (AW, 2012). The rules were developed with community input on CERT's Secure Coding Wiki, where they have always been available for free reading.
That said, we became equipped with evidence that there is a set of coding guidelines that, if followed, result in more reliable and secure code that is also easier to maintain. This book is an effort to document best practices so that a reader becomes acquainted with the basic/advanced set of skills expected from a competent programmer.
What were the motivating factors that brought your group together to make this book happen? Was it a deficiency you saw in the current literature for Java in security?
We did an extensive literature survey and found pieces about Java best practices scattered across various papers, a few current and some dated books. Some of the sources were current and useful; however, we had to connect the dots to put together the book.
There are areas that have received less focus, for example, how do you groom an entry-level programmer who has just finished school so that he can write enterprise-grade code? One aim of the JCG book is to reach out to the eager learner and the practicing professional so that they can supplement their knowledge to build robust software.