[REF-17] Michael Howard, David LeBlanc
and John Viega. "24 Deadly Sins of Software Security". "Sin 12: Information Leakage." Page 191. McGraw-Hill. 2010.
Depending on usage, this could be a weakness or a category. Further study
of all its children is needed, and the entire sub-tree may need to be
clarified. The current organization is based primarily on the exposure of
sensitive information as a consequence, instead of as a primary
There is a close relationship with CWE-552, which is more focused on weaknesses. As a result, it may be more appropriate to convert CWE-538 to a category.