In the OSSTMM (Open Source Security Testing Methodology Manual), a de-facto standard for security tests, an exposure is the fourth most serious security hole (of a total of five) in the respective risk categorization and deals with the divulgement of sensitive information, for example internal IP addresses may be visible, which may give attackers information about the architecture of the internal network.