[cap-talk] Java coding rules for capability discipline
Chris Hibbert
hibbert at mydruthers.com
Sun Nov 7 13:17:15 EST 2004

In the context of the discussion of rules for capability discipline, I
thought it would be worthwhile to mention that Agorics' Java coding
standards have now been published with a Creative Commons license. The
only restriction on reuse is that you have to give Agorics credit if you
republish it. We expect most people would instead steal ideas from
it, which wouldn't incur any restrictions. (IANAL)

The reason this is relevant is that the primary authors of these
standards (Dean and I; I think the standards mostly post-date MarkM)
were aiming for a capability style and POLA discipline. There's a lot
of material here that deals with consistent and readable formatting
rather than style of interface, but that's very relevant for security
reviews. Many of the formatting restrictions (indentations, line
breaks, brace positions, consistent section labels) were explicitly
intended to support our code reviews.

Everything in the standards has a justification, so it shouldn't be hard
(for those so inclined) to go through and pick out the requirements
whose primary purpose is to support capability-style or POLA.

Chris
--
Currently reading: John C. Maxwell, The 21 Irrefutable Laws of
Leadership; Robert A. Heinlein, For Us, the Living;
On my Clie: Alexandre Dumas, The Count of Monte Cristo
Chris Hibbert
hibbert at mydruthers.com
http://mydruthers.com