Define id for vulnerability
Vulnerabilities are not defined by their attributes, but rather by a thread of continuity and identity. For example, when a remediation fixes a vulnerability it is important to know exactly which vulnerabilities were fixed.
For this reason, it is important to have unique identifiers on each vulnerability. This changes adds an id
field to vulnerability, with the suggestion that a UUID is a good candidate for the value.
id
is not required yet, as cve
has yet to be deprecated.