diff --git a/java/ql/src/experimental/Security/CWE/CWE-016/InsecureSpringActuatorConfig.qhelp b/java/ql/src/Security/CWE/CWE-200/InsecureSpringActuatorConfig/InsecureSpringActuatorConfig.qhelp
similarity index 84%
rename from java/ql/src/experimental/Security/CWE/CWE-016/InsecureSpringActuatorConfig.qhelp
rename to java/ql/src/Security/CWE/CWE-200/InsecureSpringActuatorConfig/InsecureSpringActuatorConfig.qhelp
index e201156728a4..7e31b43ba7a1 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-016/InsecureSpringActuatorConfig.qhelp
+++ b/java/ql/src/Security/CWE/CWE-200/InsecureSpringActuatorConfig/InsecureSpringActuatorConfig.qhelp
@@ -2,28 +2,28 @@

Spring Boot is a popular framework that facilitates the development of stand-alone applications -and micro services. Spring Boot Actuator helps to expose production-ready support features against +and micro services. Spring Boot Actuator helps to expose production-ready support features against Spring Boot applications.

-

Endpoints of Spring Boot Actuator allow to monitor and interact with a Spring Boot application. -Exposing unprotected actuator endpoints through configuration files can lead to information disclosure +

Endpoints of Spring Boot Actuator allow to monitor and interact with a Spring Boot application. +Exposing unprotected actuator endpoints through configuration files can lead to information disclosure or even remote code execution vulnerability.

Rather than programmatically permitting endpoint requests or enforcing access control, frequently -developers simply leave management endpoints publicly accessible in the application configuration file +developers simply leave management endpoints publicly accessible in the application configuration file application.properties without enforcing access control through Spring Security.

-

Declare the Spring Boot Starter Security module in XML configuration or programmatically enforce -security checks on management endpoints using Spring Security. Otherwise accessing management endpoints -on a different HTTP port other than the port that the web application is listening on also helps to +

Declare the Spring Boot Starter Security module in XML configuration or programmatically enforce +security checks on management endpoints using Spring Security. Otherwise accessing management endpoints +on a different HTTP port other than the port that the web application is listening on also helps to improve the security.

-

The following examples show both 'BAD' and 'GOOD' configurations. In the 'BAD' configuration, -no security module is declared and sensitive management endpoints are exposed. In the 'GOOD' configuration, +

The following examples show both 'BAD' and 'GOOD' configurations. In the 'BAD' configuration, +no security module is declared and sensitive management endpoints are exposed. In the 'GOOD' configuration, security is enforced and only endpoints requiring exposure are exposed.

diff --git a/java/ql/src/experimental/Security/CWE/CWE-016/InsecureSpringActuatorConfig.ql b/java/ql/src/Security/CWE/CWE-200/InsecureSpringActuatorConfig/InsecureSpringActuatorConfig.ql
similarity index 92%
rename from java/ql/src/experimental/Security/CWE/CWE-016/InsecureSpringActuatorConfig.ql
rename to java/ql/src/Security/CWE/CWE-200/InsecureSpringActuatorConfig/InsecureSpringActuatorConfig.ql
index b21aa82e8baf..800fc6db5641 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-016/InsecureSpringActuatorConfig.ql
+++ b/java/ql/src/Security/CWE/CWE-200/InsecureSpringActuatorConfig/InsecureSpringActuatorConfig.ql
@@ -111,11 +111,9 @@ predicate hasConfidentialEndPointExposed(SpringBootPom pom, ApplicationPropertie
 )
 }
-deprecated query predicate problems(Dependency d, string message) {
- exists(SpringBootPom pom |
- hasConfidentialEndPointExposed(pom, _) and
- d = pom.getADependency() and
- d.getArtifact().getValue() = "spring-boot-starter-actuator"
- ) and
- message = "Insecure configuration of Spring Boot Actuator exposes sensitive endpoints."
-}
+from SpringBootPom pom, ApplicationProperties ap, Dependency d
+where
+ hasConfidentialEndPointExposed(pom, ap) and
+ d = pom.getADependency() and
+ d.getArtifact().getValue() = "spring-boot-starter-actuator"
+select d, "Insecure configuration of Spring Boot Actuator exposes sensitive endpoints."
diff --git a/java/ql/src/experimental/Security/CWE/CWE-016/application.properties b/java/ql/src/Security/CWE/CWE-200/InsecureSpringActuatorConfig/application.properties
similarity index 88%
rename from java/ql/src/experimental/Security/CWE/CWE-016/application.properties
rename to java/ql/src/Security/CWE/CWE-200/InsecureSpringActuatorConfig/application.properties
index 4f5defdd948e..441d752508c9 100644
--- a/java/ql/src/experimental/Security/CWE/CWE-016/application.properties
+++ b/java/ql/src/Security/CWE/CWE-200/InsecureSpringActuatorConfig/application.properties
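Review bot: In the InsecureSpringActuatorConfig.ql hunk, the new `from` clause binds `ApplicationProperties ap` but the `select` reports only the pom dependency `d`, so the alert never shows which properties file carries the exposing setting. The removed predicate passed `_` in that position; either keep that with `hasConfidentialEndPointExposed(pom, _)` and drop `ap` from `from`, or, if `ApplicationProperties` has a location (its definition is outside the hunk), surface it with a placeholder such as `select d, "Insecure configuration of Spring Boot Actuator exposes sensitive $@.", ap, "endpoints"` so triage can go straight to the misconfigured file. The query's metadata header is also outside the hunk, so it is worth confirming that the experimental tag and query id were updated for the move into the main pack.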
@@ -1,7 +1,7 @@ #management.endpoints.web.base-path=/admin -#### BAD: All management endpoints are accessible #### +#### BAD: All management endpoints are accessible #### # vulnerable configuration (spring boot 1.0 - 1.4): exposes actuators by default # vulnerable configuration (spring boot 1.5+): requires value false to expose sensitive actuators @@ -11,7 +11,7 @@ management.security.enabled=false management.endpoints.web.exposure.include=* -#### GOOD: All management endpoints have access control #### +#### GOOD: All management endpoints have access control #### # safe configuration (spring boot 1.0 - 1.4): exposes actuators by default management.security.enabled=true diff --git a/java/ql/src/experimental/Security/CWE/CWE-016/pom_bad.xml b/java/ql/src/Security/CWE/CWE-200/InsecureSpringActuatorConfig/pom_bad.xml similarity index 99% rename from java/ql/src/experimental/Security/CWE/CWE-016/pom_bad.xml rename to java/ql/src/Security/CWE/CWE-200/InsecureSpringActuatorConfig/pom_bad.xml index 9dd5c9c188b4..6bca2829ac43 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-016/pom_bad.xml +++ b/java/ql/src/Security/CWE/CWE-200/InsecureSpringActuatorConfig/pom_bad.xml @@ -47,4 +47,4 @@ - \ No newline at end of file + diff --git a/java/ql/src/experimental/Security/CWE/CWE-016/pom_good.xml b/java/ql/src/Security/CWE/CWE-200/InsecureSpringActuatorConfig/pom_good.xml similarity index 99% rename from java/ql/src/experimental/Security/CWE/CWE-016/pom_good.xml rename to java/ql/src/Security/CWE/CWE-200/InsecureSpringActuatorConfig/pom_good.xml index 89f577f21e59..03bc257f5bda 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-016/pom_good.xml +++ b/java/ql/src/Security/CWE/CWE-200/InsecureSpringActuatorConfig/pom_good.xml @@ -47,4 +47,4 @@ - \ No newline at end of file + 
diff --git a/java/ql/test/experimental/query-tests/security/CWE-016/InsecureSpringActuatorConfig.qlref b/java/ql/test/experimental/query-tests/security/CWE-016/InsecureSpringActuatorConfig.qlref
deleted file mode 100644
index 9cd12d5e4fb1..000000000000
--- a/java/ql/test/experimental/query-tests/security/CWE-016/InsecureSpringActuatorConfig.qlref
+++ /dev/null
@@ -1 +0,0 @@
-experimental/Security/CWE/CWE-016/InsecureSpringActuatorConfig.ql
\ No newline at end of file
diff --git a/java/ql/test/experimental/query-tests/security/CWE-016/InsecureSpringActuatorConfig.expected b/java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/InsecureSpringActuatorConfig.expected
similarity index 100%
rename from java/ql/test/experimental/query-tests/security/CWE-016/InsecureSpringActuatorConfig.expected
rename to java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/InsecureSpringActuatorConfig.expected
diff --git a/java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/InsecureSpringActuatorConfig.qlref b/java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/InsecureSpringActuatorConfig.qlref
new file mode 100644
index 000000000000..bf30c44df85a
--- /dev/null
+++ b/java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/InsecureSpringActuatorConfig.qlref
@@ -0,0 +1 @@
+Security/CWE/CWE-200/InsecureSpringActuatorConfig/InsecureSpringActuatorConfig.ql
diff --git a/java/ql/test/experimental/query-tests/security/CWE-016/SensitiveInfo.java b/java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/SensitiveInfo.java
similarity index 100%
rename from java/ql/test/experimental/query-tests/security/CWE-016/SensitiveInfo.java
rename to java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/SensitiveInfo.java
diff --git a/java/ql/test/experimental/query-tests/security/CWE-016/application.properties b/java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/application.properties
similarity index 100%
rename from java/ql/test/experimental/query-tests/security/CWE-016/application.properties
rename to java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/application.properties
diff --git a/java/ql/test/experimental/query-tests/security/CWE-016/options b/java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/options
similarity index 62%
rename from java/ql/test/experimental/query-tests/security/CWE-016/options
rename to java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/options
index 2ce7a4743cd3..ab29fd4e46fa 100644
--- a/java/ql/test/experimental/query-tests/security/CWE-016/options
+++ b/java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/options
@@ -1 +1 @@
-//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/springframework-5.8.x
+//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../../stubs/springframework-5.8.x
diff --git a/java/ql/test/experimental/query-tests/security/CWE-016/pom.xml b/java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/pom.xml
similarity index 100%
rename from java/ql/test/experimental/query-tests/security/CWE-016/pom.xml
rename to java/ql/test/query-tests/security/CWE-200/semmle/tests/InsecureSpringActuatorConfig/pom.xml