The CERT Oracle Secure Coding Standard for Java (2011) Chapter 18 - Miscellaneous (MSC)

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be ...

True random number generators (TRNG) generally have a limited source of entropy and therefore can fail or block.

The lack of entropy available for, or used by, a Pseudo-Random Number Generator (PRNG) can be a stability and security threat.

The product does not encrypt sensitive or critical information before storage or transmission.

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

A Pseudo-Random Number Generator (PRNG) is initialized from a predictable seed, such as the process ID or system time.

A Pseudo-Random Number Generator (PRNG) uses the same seed each time the product is initialized.

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, ev...

The product contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to exter...

The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.

The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

The product uses the singleton pattern when creating a resource within a multithreaded environment.

CWE entries in this view (graph) are fully or partially eliminated by following the guidance presented in the book "The CERT Oracle Secure Coding Standard for Java" pu...