== Why is this an issue?

There is no good reason to declare a field "public" and "static" without also declaring it "final". Most of the time this is a kludge to share a state among several objects. But with this approach, any object can do whatever it wants with the shared state, such as setting it to ``++null++``. 

=== Noncompliant code example

[source,java]
----
public class Greeter {
  public static Foo foo = new Foo();
  ...
}
----

=== Compliant solution

[source,java]
----
public class Greeter {
  public static final Foo FOO = new Foo();
  ...
}
----

== Resources

* CWE - https://cwe.mitre.org/data/definitions/500[CWE-500 - Public Static Field Not Marked Final]
* https://wiki.sei.cmu.edu/confluence/x/WjdGBQ[CERT OBJ10-J.] - Do not use public static nonfinal fields

ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::../message.adoc[]

'''
== Comments And Links
(visible only on this page)

include::../comments-and-links.adoc[]

endif::env-github,rspecator-view[]