Category: SFP Secondary Cluster: Information Loss

Incomplete
Summary

This category identifies Software Fault Patterns (SFPs) within the Information Loss cluster.

Membership
| ID | Name | Description |
|---|---|---|
| CWE-221 | Information Loss or Omission | The product does not record, or improperly records, security-relevant information that leads to an incorrect decision or hampers later analysis. |
| CWE-222 | Truncation of Security-relevant Information | The product truncates the display, recording, or processing of security-relevant information in a way that can obscure the source or nature of an attack. |
| CWE-223 | Omission of Security-relevant Information | The product does not record or display information that would be important for identifying the source or nature of an attack, or determining if an action is safe. |
| CWE-224 | Obscured Security-relevant Information by Alternate Name | The product records security-relevant information according to an alternate name of the affected entity, instead of the canonical name. |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE identifiers in this view are associated with clusters of Software Fault Patterns (SFPs). |

Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.