No there are no other ways of loading internal resources for J2ME. You need to use the getResourceAsStream()
on the Class
object.
This is not a security flaw. I think Veracode is confused. Looks like they think you're loading an external file from the user SD card or internal phone storage - and that would indeed be a security flaw. But that's not what getResourceAsStream()
does.
The only thing you can read using getResourceAsStream()
are the files contained inside the JAR you yourself have created.
I think the only thing you can do is try to explain this to Veracode. Because it's definitely not a security flaw.