
About This Report

The Secure Coding Standard Described in This Report

The CERT Oracle Secure Coding Standard for Java is the result of a collaboration between the CERT Program at the Carnegie Mellon Software Engineering Institute and Oracle. It is being developed as a community effort on the CERT secure coding wiki located at www.securecoding.cert.org. This report contains a subset of those guidelines that deal with concurrency and may undergo further revision before being published as part of the CERT Oracle Secure Coding Standard for Java. The concurrency guidelines are divided into the following categories:

visibility and atomicity (VNA)

locks (LCK)

thread APIs (THI)

thread pools (TPS)

thread-safety miscellaneous (TSM)

We welcome your feedback about these guidelines. To comment on the wiki, simply go to it and sign up for a wiki account.

Guideline Priorities

Each guideline has a priority assigned using a metric based on Failure Mode, Effects, and Criticality Analysis (FMECA) [IEC 2006]. A value for each of the following is assigned to each guideline:

severity – If the guideline is ignored, how serious are the consequences?

1 = low (denial-of-service attack, abnormal termination)

2 = medium (data integrity violation, unintentional information disclosure)

3 = high (run arbitrary code, privilege escalation)

likelihood – If the guideline is ignored and that results in the introduction of a flaw, how likely is it for that flaw to lead to an exploitable vulnerability?

1 = unlikely

2 = probable

3 = likely

remediation cost – How expensive is it to comply with the guideline?

1 = high (manual detection and correction)

2 = medium (automatic detection and manual correction)

3 = low (automatic detection and correction)

The three values are then multiplied for each guideline. The resulting value, which will be between 1 and 27, provides a measure that can be used to prioritize the application of the guidelines.

CERT and Carnegie Mellon are registered in the U.S. Patent and Trademark Office by Carnegie Mellon University.

CMU/SEI-2010-TR-015 | xiii

Guidelines with a priority in the range of 1-4 are level-3 guidelines; those in the range of 6-9 are level-2; and those in the range of 12-27 are level-1. As a result, it is possible to claim level-1, level-2, or complete compliance (level-3) with a standard by implementing all guidelines in a level, as shown in Figure 1.

Figure 1: Guideline Priorities

This metric is designed primarily for remediation projects. New development efforts are expected to conform to the entire standard.
