Provide help to determine whether or not a CVE is warranted
@wbeaton
Submitted by Wayne Beaton Link to original bug (#558854)
Description
A CVE is generally warranted when a vulnerability is identified in released code. The converse is that a CVE is generally not warranted for a vulnerability detected in a random commit or milestone build; though, there is some grey area.
We need more here.