Ted North wrote:
Does the book cover any tests that can be done using some sort of tool that can analyze byte code or source code?
Does the book show how to use vulnerability assessment software on a Java program or web application?
Jeanne Boyarsky wrote:
Between "Java Coding Guidelines" and its predecessor "The CERT Oracle Secure Coding Standard for Java", which one do you recommend people buy, and why? And no saying "both."
I would like to know what reliability is.
Does it have to do with how robust a web application, say, is in how it handles multiple requests without failing to serve JSPs?
Does it have to do with how many times a recursive function can call itself without the program running out of memory?
Stuie Clarky wrote:
I would like to know: if there were a single thing you could get developers to do that would have the greatest impact on improving the level and quality of security, what would it be?
Was there a common recurring factor that kept resurfacing, either during writing the book or that you have seen professionally, that became a real 'bash-head-into-keyboard' moment for you?
S G Ganesh wrote:
To the authors of the "Java Coding Guidelines" book: I saw the TOC of your interesting book, and I was not quite convinced that program understandability directly relates to security.
Yes, at a logical (or high) level, any violation of programming best practices is not a good thing, since it may confuse the reader, the compiler, etc., which can lead to mistakes during fixes, for example, and consequently to security vulnerabilities.
However, does program understandability directly relate to security vulnerabilities? Given the fact that you have devoted a considerable number of guidelines in your book to program understandability, can you please clarify the relationship between program understandability and security?
Ulf Dittmer wrote:
David Svoboda wrote:
They only affect Web applet & servlet developers.
Web apps, on the other hand, are generally written and run by the same organization, so even in the case of a broken sandbox it would be my code that could access my files - not a big deal.
Wesley Womack wrote:
Is the information in your book applicable to other JVM languages? I'm primarily interested in Groovy.
Kent O. Johnson wrote:
What brought you and the others to write this book at this time?
What were the motivating factors that brought your group together to make this book happen? Was it a deficiency you saw in the current literature for Java security?
Saumyaraj Zala wrote:
Does this book cover examples of all security threats and when to use them?