Monday Apr 14, 2014

Version 5.0 of the Java Secure Coding Guidelines now available!

A new version of the Java Secure Coding Guidelines is now available at http://www.oracle.com/technetwork/java/seccodeguide-139067.html

This version has many updates, including:

  • Additional information for some of the new Java SE 8 features
  • Several new guidelines and examples
  • A new appendix covering the Java Native Interface
  • A new symbolic naming for sections
  • Several formatting changes
These guidelines contain coding patterns and best practices that are extremely useful for building robust and secure Java applications.

Thursday Mar 13, 2014

How to use the XML Signature secure validation mode

This post shows you how to use the new secure validation mode for XML Signatures that we introduced in JDK 7u25.[Read More]

Tuesday Dec 03, 2013

How to determine if a signed JAR is timestamped

Applying a timestamp when you sign a JAR is strongly recommended, as it allows you to prove that you signed the JAR during the time interval that your code signing certificate was still valid.[Read More]

Friday Nov 01, 2013

JEP 124: Enhance the Certificate Revocation-Checking API

JEP 124 (Enhance the Certificate Revocation-Checking API) is one of the 11 new security features in JDK 8. This feature enhances the java.security.cert API to support various revocation settings such as best-effort checking, end-entity certificate checking, and mechanism-specific options and parameters.[Read More]

Friday Feb 12, 2010

Announcing XML Signature 1.1 and Signature Properties Last Call

The W3C XML Security Working Group has released a Last Call Working Draft for XML Signature 1.1:

http://www.w3.org/TR/xmldsig-core1/

An explanation of the changes against the XML Signature 1.0  specification is available:

http://www.w3.org/TR/xmldsig-core1/explain.html

Changes are focused on the set of mandatory to implement algorithms and markup for relevant key material.

The Working Group has also released a Last Call Working Draft for XML Signature Properties:

http://www.w3.org/TR/2010/WD-xmldsig-properties-20100204/

The Last Call period lasts until 18 March 2010; comments can be sent to public-xmlsec-comments @ w3.org.  The next step in the W3C Recommendation Track process is either a Candidate Recommendation phase to collect implementation experience, or another Working Draft.

The WG continues its work on XML Encryption 1.1 and is also working on a 2.0 version of Canonical XML and XML Signature.

Details on all the publications of the Working Group are available on  the Working Group Publication Status page at http://www.w3.org/2008/xmlsec/wiki/PublicationStatus
About

Sean Mullan

Search

Top Tags
Categories
Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today