CVE, CWE, and remediation prioritization

Linking identifiers to tests and releases; prioritization without duplicating operational runbooks (section 10).