The software does not record, or improperly records, security-relevant information that leads to an incorrect decision or hampers later analysis.