Programmers often fall into the trap of suppressing or ignoring checked exceptions. Unless there is a valid reason for ignoring exceptions, such as the client cannot be expected to stage a recovery, it is important to handle them appropriately. The thrown exception disrupts the expected control flow of the application and care must be taken to not assume that the expected control flow has happened after catching an exception. The implication of not ignoring an exception is that the application does not assume normal control flow occurred after catching an exception and the application bases its future long term behavior on the fact that the exception was thrown. Failure to take the actual system state into account after the throwing of an exception may result in security problems as the application continues to execute.
Noncompliant Code Example
...
Note that even though the application reacts to the exception by printing out a stack trace, the application still proceeds as if the exception was not thrown, that is, the future long term behavior of the application does not change based on the throwing of the exception. Given that the thrown IOException indicates that an operation attempted by the application failed, it is unlikely that the application will be able to operate successfully in the future by assuming that the attempted operation succeeded.
Compliant Solution
This compliant solution attempts to recover from a FileNotFoundException by forcing the user to specify another file when a particular file does not exist in the user-specific directory.
...