Schema for NIST reporting format, as described at
http://samate.nist.gov/SATE.html
Severity on the scale 1 (high) to 5 (low)
Probability that the problem is a true positive,
from 0 to 1
Tool specific rank for the problem; the scale
must be specified separately
Human evaluation of the issue; not considered to
be part of tool output
Severity on the scale 1 (high) to 5 (low)
(DEPRECATED) Human analysis will tell whether
this is a false-positive (1) or not (0)
Human analysis will tell whether the weakness
is relevant to security (true), requires
attention (poor quality) but may not be relevant
to security (quality), exists but is insignificant
(insignificant), could not be confirmed (unknown)
or is not a weakness (false)