Security Analysis of Core J2EE Design Patterns

posted on Apr 20, 2009 by Rohit Sethi

Today Krish Raja, Sahba Kazerooni, and I are releasing a Security Analysis of the Core J2EE Patterns. In our view, this sort of analysis is long overdue: software vendors, enterprise developers, and the open source community all use patterns judiciously. While developers have access to patterns about security, they rarely have access to a security analysis of non-security-specific patterns.

This beta release outlines our security analysis, and we’d love to hear your feedback so that we can improve its quality. In future releases, we intend to include source code examples to help elucidate the concepts we describe.
