Classifying security defects and requirements to remediate them; CVE/CWE vocabulary for acceptance and fix planning.