This Article 
 Bibliographic References 
 Add to: 
Java Insecurity: Accounting for Subtleties That Can Compromise Code
January/February 2008 (vol. 25 no. 1)
pp. 13-19
Charlie Lai, Sun Microsystems
Java developers commonly follow numerous coding guidelines—such as minimizing accessibility, creating copies of mutable inputs, and preventing the unauthorized construction of sensitive classes—to ensure that their programs are safe. Various subtleties related to each guideline could lead to unexpected behavior, and ultimately to security vulnerabilities. Java developers can safely account for these subtleties to prevent attacks. This article is part of a special issue on Security for the Rest of Us.

1. J. Bloch, Effective Java Programming Language Guide, 1st ed., Addison-Wesley, 2001.
2. G. McGraw, Software Security: Building Security In, Addison-Wesley, 2006.
3. L. Gong, G. Ellison, and M. Dageforde, Inside Java 2 Platform Security, 2nd ed., Addison-Wesley, 2003.
4. J. Schwartz, "Who Needs Hackers?" New York Times,12 Sept. 2007.
5. D. Hovemeyer and W. Pugh, "Finding Bugs Is Easy," ACM SIGPLANNotices, vol. 39, no. 12, 2004, pp. 92–106.

Index Terms:
Java, code design, programming paradigms, security and privacy protection
Charlie Lai, "Java Insecurity: Accounting for Subtleties That Can Compromise Code," IEEE Software, vol. 25, no. 1, pp. 13-19, Jan.-Feb. 2008, doi:10.1109/MS.2008.9
Usage of this product signifies your acceptance of the Terms of Use.