Bojanova, Irena; Yesha, Yaacov; Black, Paul E.; Wu, Yan

2019-10-04
2019-10-04
2019-07-09

I. Bojanova, Y. Yesha, P. E. Black and Y. Wu, "Information Exposure (IEX): A New Class in the Bugs Framework (BF)," 2019 IEEE 43rd Annual Computer Software and Applications Conference (COMPSAC), Milwaukee, WI, USA, 2019, pp. 559-564. doi: 10.1109/COMPSAC.2019.00086

https://doi.org/10.1109/COMPSAC.2019.00086
http://hdl.handle.net/11603/14972

2019 IEEE 43rd Annual Computer Software and Applications Conference (COMPSAC)

Exposure of sensitive information can be harmful on its own. In addition, it could enable further attacks. A rigorous and unambiguous definition of information exposure faults can help researchers and practitioners identify them, thus avoiding security failures. This paper describes Information Exposure (IEX), a new class in the Bugs Framework (BF). The IEX class comprises a rigorous definition and (static) attributes of the class, along with their related dynamic properties, such as proximate and secondary causes, consequences and sites. We use the IEX class to analyze specific vulnerabilities and provide clear descriptions. We also discuss lessons we learned that will help create additional BF classes.

6 pages

en-US

This item is likely protected under Title 17 of the U.S. Copyright Law. Unless on a Creative Commons license, for uses protected by Copyright Law, contact the copyright holder or the author.

Public Domain Mark 1.0

This work was written as part of one of the author's official duties as an Employee of the United States Government and is therefore a work of the United States Government.

sensitive information; information exposure; information leakage; software weaknesses; bug taxonomy; attacks

Information Exposure (IEX): A New Class in the Bugs Framework (BF)

Text