Java security updates – January 2012

The Oracle Secure Coding Guidelines for the Java Programming Language are now available in version 4.0 (probably for a couple of days already; I couldn’t find any announcement). This version includes some hints for the latest Java 7 SDK.

John Melton has also announced the Year of security for Java, with weekly posts (at least they look weekly at the moment) on possible Java security problems and pitfalls. The first two posts, on session fixation prevention and on error handling in web.xml, are already published.