Engineering DRI: @minac ### Problem to solve The current JSON common report format we use for security reports needs improvements, particularly as we are encouraging and adding third-party security vendors integrations. Specifically, the `cve` property is confusing, as it does not actually contain CVE data, and as a result it should be removed. Anyone leveraging the `cve` property in the security reports, with custom scripts or as an integrator into our Secure features, you will need to stop using the `cve` property. ### Proposal Replacing the `cve` property requires several steps which are outlined in the attached issues.