
if you could only pick one secure coding book

Jeanne Boyarsky
author & internet detective
Marshal

Joined: May 26, 2003
Posts: 30913

Between "Java Coding Guidelines" and its predecessor "The CERT Oracle Secure Coding Standard for Java", which one do you recommend people buy and why? And no saying "both."

In my review, I note that I like the later slightly better. But it was a lot closer than I thought it would be.


David Svoboda
Author
Greenhorn

Joined: Oct 21, 2013
Posts: 13

Hi, Jeanne. Thanks for the great review!
This is a trick question, right? You're trying to get me to admit that one book is less worthwhile, right?

So my answer is: it depends.
If your goal is to make yourself a better programmer, buy Java Coding Guidelines.
If your goal is to make your code more secure, buy The CERT Oracle Secure Coding Standard for Java.

[Java Coding Guidelines] and [The CERT Oracle Secure Coding Standard for Java] are from the [CERT Secure Coding Initiative]
Dhruv Mohindra
Author
Greenhorn

Joined: Dec 08, 2009
Posts: 11
Hi Jeanne,
Thanks for your great reviews!

Jeanne Boyarsky wrote: Between "Java Coding Guidelines" and its predecessor "The CERT Oracle Secure Coding Standard for Java", which one do you recommend people buy and why? And no saying "both."


One book contends in the heavyweight category while the other contends for the lightweight title!

I'd recommend the lightweight "Java Coding Guidelines" book because of the more intuitive classification of guidelines which gives you a feel of the message we are trying to get across. If you like what you see here, chances are that you would want to delve deeper into Java's rich set of features in which case you can look at the predecessor, "The CERT Oracle Secure Coding Standard for Java". The predecessor book groups together secure programming best practices by Java's various features and can be particularly useful for readers who want to understand how to use those features correctly and securely. Using them in conjunction can be quite effective too.


You know what I did last summer - Java Coding Guidelines: 75 Recommendations for Reliable and Secure Programs.
Jeanne Boyarsky
author & internet detective
Marshal

Joined: May 26, 2003
Posts: 30913

David,
Not a trick question. I wanted to see how you compare them. And I really like your answer because it shows WHY you'd buy each one. Dhruv too but yours was more succinct.
 