Java Coding Guidelines: How did it begin?

Kent O. Johnson
Ranch Hand

Joined: Feb 21, 2013
Posts: 30
Fred, or any of the others who want to answer,
What brought you and the others to write this book at this time? Not currently being a security guy, I imagine there is a wealth of knowledge out there on the topic of security in Java. What were the motivating factors that brought your group together to make this book happen? Was it a deficiency you saw in the current literature for Java in security?

Dhruv Mohindra
Author
Greenhorn

Joined: Dec 08, 2009
Posts: 11
    
Hi Kent,
Kent O. Johnson wrote:
What brought you and the others to write this book at this time?


Back in 2008 we realized the need for a community-vetted secure coding standard for developing secure Java-based applications. This resulted in The CERT Oracle Secure Coding Standard for Java (AW, 2012). The rules were developed with community inputs on CERT's Secure Coding Wiki, where they have always been available for free reading.

That said, we became equipped with evidence that there is a set of coding guidelines that, if followed, result in more reliable and secure code that is also easier to maintain. This book is an effort to document best practices so that a reader becomes acquainted with the basic / advanced set of skills expected from a competent programmer.


Kent O. Johnson wrote:
What were the motivating factors that brought your group together to make this book happen? Was it a deficiency you saw in the current literature for Java in security?



We did an extensive literature survey and found pieces about Java best practices scattered across various papers, a few current and some dated books. Some of the sources were current and useful; however, we had to connect the dots to put together the book.

There are areas that have received less focus, for example, how do you groom an entry level programmer who has just finished school so that he can write enterprise grade code? One aim of the JCG book is to reach out to the eager learner and the practicing professional so that they can supplement their knowledge to build robust software.


You know what I did last summer - Java Coding Guidelines: 75 Recommendations for Reliable and Secure Programs.
Kent O. Johnson
Ranch Hand

Joined: Feb 21, 2013
Posts: 30
Dhruv,

It is nice to have some people who will do the work that your team did. I especially liked how you put

how do you groom an entry level programmer who has just finished school so that he can write enterprise grade code?


I am working to get to the state of an entry-level programmer, so I won't understand the whole depth of the JCG book yet. But I do appreciate you expounding the context from which your team decided to create the JCG book.
Campbell Ritchie
Sheriff

Joined: Oct 13, 2005
Posts: 38363
    
Dhruv Mohindra wrote: . . . how do you groom an entry level programmer . . .
I know some of the headings in the ToC for your book are what you would consider common‑or‑garden good programming practice. Examples 22‑25 and 50‑56 fall into that category.
To what extent do you think there is failure to understand such good practice in new graduates? Does it differ from people who have done SCJP/OCPJP?
 