Fred Long　英国Aberystwyth大学计算机科学系高级讲师和教学主任。主要讲授形式方法、Java、C++和C的编程模式以及与编程相关的安全问题的课程。他是英国计算机协会中威尔士分会的主席，自1992年以来在软件工程研究所（SEI）担任客座研究员。最近正在研究如何在Java中探查安全性漏洞。

Dhruv Mohindra　印度Persistent系统工程有限公司的高级软件工程师。曾研发了广泛应用于企业服务器的监控软件。曾在SEI的CERT项目工作，并致力于在编程社区中提高对安全问题的警觉性。曾任职于卡内基·梅隆大学，拥有信息安全策略与管理硕士学位和印度Pune大学计算机工程学士学位。

Robert C. Seacord　资深计算机安全专家和作家。在计算机安全、历史系统改造以及基于组件的软件工程等领域具有极深的造诣。目前管理卡内基·梅隆大学SEI的CERT在安全编码领域的创新项目。拥有Rensselaer Polytechnic学院计算机科学学士学位。

Dean F. Sutherland　CERT高级软件安全工程师，编译器后端技术专家组高级专家。拥有卡内基·梅隆大学博士学位。曾担任职业软件工程师，在Tartan公司工作超过14年。

David Svoboda　 CERT软件安全工程师，资深Java开发工程师，在Java开发领域拥有13年的开发经验。是卡内基·梅隆大学的一系列软件开发项目的主要开发者，这些项目涉及从层级芯片建模到社会组织仿真再到自动机器学习等多个方面。

"In the Java world, security is not viewed as an add-on a feature. It is a pervasive way of thinking. Those who forget to think in a secure mindset end up in trouble. But just because the facilities are there doesn't mean that security is assured automatically. A set of standard practices has evolved over the years. The Secure(R) Coding(R) Standard for Java(t) is a compendium of these practices. These are not theoretical research papers or product marketing blurbs. This is all serious, mission-critical, battle-tested, enterprise-scale stuff." -James A. Gosling, Father of the Java Programming Language An essential element of secure coding in the Java programming language is a well-documented and enforceable coding standard. Coding standards encourage programmers to follow a uniform set of rules determined by the requirements of the project and organization, rather than by the programmer's familiarity or preference. Once established, these standards can be used as a metric to evaluate source code (using manual or automated processes). The CERT(R) Oracle(R) Secure Coding Standard for Java(t) provides rules designed to eliminate insecure coding practices that can lead to exploitable vulnerabilities. Application of the standard's guidelines will lead to higher-quality systems-robust systems that are more resistant to attack. Such guidelines are required for the wide range of products coded in Java-for devices such as PCs, game players, mobile phones, home appliances, and automotive electronics. After a high-level introduction to Java application security, seventeen consistently organized chapters detail specific rules for key areas of Java development. For each area, the authors present noncompliant examples and corresponding compliant solutions, show how to assess risk, and offer references for further information. Each rule is prioritized based on the severity of consequences, likelihood of introducing exploitable vulnerabilities, and cost of remediation. The standard provides secure coding rules for the Java SE 6 Platform including the Java programming language and libraries, and also addresses new features of the Java SE 7 Platform. It describes language behaviors left to the discretion of JVM and compiler implementers, guides developers in the proper use of Java's APIs and security architecture, and considers security concerns pertaining to standard extension APIs (from the javax package hierarchy).The standard covers security issues applicable to these libraries: lang, util, Collections, Concurrency Utilities, Logging, Management, Reflection, Regular Expressions, Zip, I/O, JMX, JNI, Math, Serialization, and JAXP.