...
This compliant solution executes several statements that can possibly throw exceptions prior to performing any security critical operations and uses the thread and exception safe Java Logger class to implement logging (see EXC08EXC03-J. Use a logging API to log critical security exceptions for more information on the use of logging libraries). As a result, exceptions do not result in failure to log a message or a different message than intended being logged. While this is a stringent requirement, it is necessary in cases where an exception can be deliberately thrown to conceal an attacker's tracks. The logging mechanism must be robust and should be able to detect and handle all such cases.
...