diff --git a/mappings/cvss_v3/cvss_v3.json b/mappings/cvss_v3/cvss_v3.json
index 665df020..e2fbf17e 100644
--- a/mappings/cvss_v3/cvss_v3.json
+++ b/mappings/cvss_v3/cvss_v3.json
@@ -846,173 +846,173 @@
       ]
     },
     {
-    "id": "cryptographic_weakness",
-    "children": [
+      "id": "cryptographic_weakness",
+      "children": [
         {
-        "id": "insufficient_entropy",
-        "children": [
+          "id": "insufficient_entropy",
+          "children": [
             {
-            "id": "limited_rng_entropy_source",
-            "cvss_v3": "AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"
+              "id": "limited_rng_entropy_source",
+              "cvss_v3": "AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"
             },
-        {
-        "id": "use_of_trng_for_nonsecurity_purpose",
-            "cvss_v3": "AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"
-        },
-        {
-        "id": "prng_seed_reuse",
-            "cvss_v3": "AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"
-        },
-        {
-        "id": "predictable_prng_seed",
-            "cvss_v3": "AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"
-        },
-        {
-        "id": "small_seed_space_in_prng",
-            "cvss_v3": "AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"
-        },
-        {
-        "id": "initialization_vector_reuse",
-            "cvss_v3": "AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"
-        },
-        {
-        "id": "predictable_initialization_vector",
-            "cvss_v3": "AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"
-        }
-        ]
+            {
+              "id": "use_of_trng_for_nonsecurity_purpose",
+              "cvss_v3": "AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H"
+            },
+            {
+              "id": "prng_seed_reuse",
+              "cvss_v3": "AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"
+            },
+            {
+              "id": "predictable_prng_seed",
+              "cvss_v3": "AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"
+            },
+            {
+              "id": "small_seed_space_in_prng",
+              "cvss_v3": "AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"
+            },
+            {
+              "id": "initialization_vector_reuse",
+              "cvss_v3": "AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"
+            },
+            {
+              "id": "predictable_initialization_vector",
+              "cvss_v3": "AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N"
+            }
+          ]
         },
         {
-        "id": "insecure_implementation",
-        "children": [
+          "id": "insecure_implementation",
+          "children": [
             {
-            "id": "missing_cryptographic_step",
-            "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L"
+              "id": "missing_cryptographic_step",
+              "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L"
             },
             {
-            "id": "improper_following_of_specification",
-            "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L"
+              "id": "improper_following_of_specification",
+              "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L"
             }
-        ]
+          ]
         },
         {
-        "id": "weak_hash",
-        "children": [
+          "id": "weak_hash",
+          "children": [
             {
-            "id": "lack_of_salt",
-            "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"
+              "id": "lack_of_salt",
+              "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"
             },
             {
-            "id": "use_of_predictable_salt",
-            "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"
+              "id": "use_of_predictable_salt",
+              "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"
             },
             {
-            "id": "predictable_hash_collision",
-            "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"
+              "id": "predictable_hash_collision",
+              "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N"
             }
-        ]
+          ]
         },
         {
-        "id": "insufficient_verification_of_data_authenticity",
-        "children": [
+          "id": "insufficient_verification_of_data_authenticity",
+          "children": [
             {
-            "id": "identity_check_value",
-            "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"
+              "id": "identity_check_value",
+              "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"
             },
             {
-            "id": "cryptographic_signature",
-            "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"
+              "id": "cryptographic_signature",
+              "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"
             }
-        ]
+          ]
         },
         {
-        "id": "insecure_key_generation",
-        "children": [
+          "id": "insecure_key_generation",
+          "children": [
             {
-            "id": "improper_asymmetric_prime_selection",
-            "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
+              "id": "improper_asymmetric_prime_selection",
+              "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
             },
             {
-            "id": "improper_asymmetric_exponent_selection",
-            "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
+              "id": "improper_asymmetric_exponent_selection",
+              "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L"
             },
             {
-            "id": "insufficient_key_stretching",
-            "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N"
+              "id": "insufficient_key_stretching",
+              "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N"
             },
-        {
-        "id": "insufficient_key_space",
-            "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
-        },
             {
-            "id": "key_exchange_without_entity_authentication",
-            "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"
+              "id": "insufficient_key_space",
+              "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
+            },
+            {
+              "id": "key_exchange_without_entity_authentication",
+              "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"
             }
-        ]
+          ]
         },
         {
-        "id": "key_reuse",
-        "children": [
+          "id": "key_reuse",
+          "children": [
             {
-        "id": "lack_of_perfect_forward_secrecy",
-            "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
-        },
-        {
-        "id": "intra-environment",
-            "cvss_v3": "AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"
-        },
-        {
-        "id": "inter-environment",
-            "cvss_v3": "AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"
-        }
-        ]
+              "id": "lack_of_perfect_forward_secrecy",
+              "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
+            },
+            {
+              "id": "intra-environment",
+              "cvss_v3": "AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"
+            },
+            {
+              "id": "inter-environment",
+              "cvss_v3": "AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H"
+            }
+          ]
         },
         {
-        "id": "side-channel_attack",
-        "children": [
+          "id": "side-channel_attack",
+          "children": [
             {
-            "id": "padding_oracle_attack",
-            "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
+              "id": "padding_oracle_attack",
+              "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
             },
             {
-            "id": "timing_attack",
-            "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
+              "id": "timing_attack",
+              "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
             },
             {
-            "id": "power_analysis_attack",
-            "cvss_v3": "AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
+              "id": "power_analysis_attack",
+              "cvss_v3": "AV:P/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
             },
             {
-            "id": "emanations_attack",
-            "cvss_v3": "AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
+              "id": "emanations_attack",
+              "cvss_v3": "AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
             },
             {
-            "id": "differential_fault_analysis",
-            "cvss_v3": "AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
+              "id": "differential_fault_analysis",
+              "cvss_v3": "AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N"
             }
-        ]
+          ]
         },
         {
-        "id": "use_of_expired_cryptographic_key_or_cert",
-        "cvss_v3": "AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"
+          "id": "use_of_expired_cryptographic_key_or_cert",
+          "cvss_v3": "AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L"
         },
         {
-        "id": "incomplete_cleanup_of_keying_material",
-        "cvss_v3": "AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L"
+          "id": "incomplete_cleanup_of_keying_material",
+          "cvss_v3": "AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:L"
         }
-    ]
+      ]
     },
     {
-    "id": "broken_cryptography",
-    "children": [
+      "id": "broken_cryptography",
+      "children": [
         {
-        "id": "use_of_broken_cryptographic_primitive",
-        "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
+          "id": "use_of_broken_cryptographic_primitive",
+          "cvss_v3": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N"
         },
         {
-        "id": "use_of_vulnerable_cryptographic_library",
-        "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"
+          "id": "use_of_vulnerable_cryptographic_library",
+          "cvss_v3": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N"
         }
-    ]
+      ]
     },
     {
       "id": "privacy_concerns",
diff --git a/mappings/cwe/cwe.json b/mappings/cwe/cwe.json
index d1f19a54..c12671e2 100644
--- a/mappings/cwe/cwe.json
+++ b/mappings/cwe/cwe.json
@@ -147,7 +147,7 @@
       "id": "server_side_injection",
       "cwe": ["CWE-929"],
       "children": [
-       {
+        {
           "id": "ldap_injection",
           "cwe": ["CWE-90"]
         },
@@ -239,54 +239,53 @@
         }
       ]
     },
-{
-  "id": "sensitive_data_exposure",
-  "cwe": ["CWE-934"],
-  "children": [
     {
-      "id": "disclosure_of_secrets",
+      "id": "sensitive_data_exposure",
+      "cwe": ["CWE-934"],
       "children": [
         {
-          "id": "pii_leakage_exposure",
+          "id": "disclosure_of_secrets",
+          "children": [
+            {
+              "id": "pii_leakage_exposure",
+              "cwe": ["CWE-200"]
+            }
+          ]
+        },
+        {
+          "id": "exif_geolocation_data_not_stripped_from_uploaded_images",
+          "cwe": ["CWE-200"]
+        },
+        {
+          "id": "visible_detailed_error_page",
+          "cwe": ["CWE-209", "CWE-215"]
+        },
+        {
+          "id": "disclosure_of_known_public_information",
           "cwe": ["CWE-200"]
+        },
+        {
+          "id": "token_leakage_via_referer",
+          "cwe": ["CWE-200"]
+        },
+        {
+          "id": "sensitive_token_in_url",
+          "cwe": ["CWE-200"]
+        },
+        {
+          "id": "non_sensitive_token_in_url",
+          "cwe": ["CWE-200"]
+        },
+        {
+          "id": "weak_password_reset_implementation",
+          "cwe": ["CWE-640"]
+        },
+        {
+          "id": "via_localstorage_sessionstorage",
+          "cwe": ["CWE-922"]
         }
       ]
     },
-    {
-      "id": "exif_geolocation_data_not_stripped_from_uploaded_images",
-      "cwe": ["CWE-200"]
-    },
-    {
-      "id": "visible_detailed_error_page",
-      "cwe": ["CWE-209", "CWE-215"]
-    },
-    {
-      "id": "disclosure_of_known_public_information",
-      "cwe": ["CWE-200"]
-    },
-    {
-      "id": "token_leakage_via_referer",
-      "cwe": ["CWE-200"]
-    },
-    {
-      "id": "sensitive_token_in_url",
-      "cwe": ["CWE-200"]
-    },
-    {
-      "id": "non_sensitive_token_in_url",
-      "cwe": ["CWE-200"]
-    },
-    {
-      "id": "weak_password_reset_implementation",
-      "cwe": ["CWE-640"]
-    },
-    {
-      "id": "via_localstorage_sessionstorage",
-      "cwe": ["CWE-922"]
-    }
-  ]
-}
-,
     {
       "id": "cross_site_scripting_xss",
       "cwe": ["CWE-79"]
@@ -425,182 +424,183 @@
         }
       ]
     },
-    {    "id": "cryptographic_weakness",
-    "cwe": ["CWE-310","CWE-1205"],
-    "children": [
+    {
+      "id": "cryptographic_weakness",
+      "cwe": ["CWE-310", "CWE-1205"],
+      "children": [
         {
-        "id": "insufficient_entropy",
-        "cwe": ["CWE-330","CWE-331"],
-        "children": [
+          "id": "insufficient_entropy",
+          "cwe": ["CWE-330", "CWE-331"],
+          "children": [
             {
-            "id": "limited_rng_entropy_source",
-            "cwe": ["CWE-338","CWE-332"]
+              "id": "limited_rng_entropy_source",
+              "cwe": ["CWE-338", "CWE-332"]
             },
-        {
-        "id": "use_of_trng_for_nonsecurity_purpose",
-            "cwe": ["CWE-333"]
-        },
-        {
-        "id": "prng_seed_reuse",
-            "cwe": ["CWE-336"]
-        },
-        {
-        "id": "predictable_prng_seed",
-            "cwe": ["CWE-337"]
-        },
-        {
-        "id": "small_seed_space_in_prng",
-            "cwe": ["CWE-339","CWE-334"]
-        },
-        {
-        "id": "initialization_vector_reuse",
-            "cwe": ["CWE-1204"]
-        },
-        {
-        "id": "predictable_initialization_vector",
-            "cwe": ["CWE-340"]
-        }
-        ]
+            {
+              "id": "use_of_trng_for_nonsecurity_purpose",
+              "cwe": ["CWE-333"]
+            },
+            {
+              "id": "prng_seed_reuse",
+              "cwe": ["CWE-336"]
+            },
+            {
+              "id": "predictable_prng_seed",
+              "cwe": ["CWE-337"]
+            },
+            {
+              "id": "small_seed_space_in_prng",
+              "cwe": ["CWE-339", "CWE-334"]
+            },
+            {
+              "id": "initialization_vector_reuse",
+              "cwe": ["CWE-1204"]
+            },
+            {
+              "id": "predictable_initialization_vector",
+              "cwe": ["CWE-340"]
+            }
+          ]
         },
         {
-        "id": "insecure_implementation",
-        "cwe": ["CWE-573"],
-        "children": [
+          "id": "insecure_implementation",
+          "cwe": ["CWE-573"],
+          "children": [
             {
-            "id": "missing_cryptographic_step",
-            "cwe": ["CWE-325"]
+              "id": "missing_cryptographic_step",
+              "cwe": ["CWE-325"]
             },
             {
-            "id": "improper_following_of_specification",
-            "cwe": ["CWE-358","CWE-573"]
+              "id": "improper_following_of_specification",
+              "cwe": ["CWE-358", "CWE-573"]
             }
-        ]
+          ]
         },
         {
-        "id": "weak_hash",
-        "cwe": ["CWE-328"],
-        "children": [
+          "id": "weak_hash",
+          "cwe": ["CWE-328"],
+          "children": [
             {
-            "id": "lack_of_salt",
-            "cwe": ["CWE-759","CWE-916"]
+              "id": "lack_of_salt",
+              "cwe": ["CWE-759", "CWE-916"]
             },
             {
-            "id": "use_of_predictable_salt",
-            "cwe": ["CWE-760"]
+              "id": "use_of_predictable_salt",
+              "cwe": ["CWE-760"]
             },
             {
-            "id": "predictable_hash_collision",
-            "cwe": ["CWE-328"]
+              "id": "predictable_hash_collision",
+              "cwe": ["CWE-328"]
             }
-        ]
+          ]
         },
         {
-        "id": "insufficient_verification_of_data_authenticity",
-        "cwe": ["CWE-345"],
-        "children": [
+          "id": "insufficient_verification_of_data_authenticity",
+          "cwe": ["CWE-345"],
+          "children": [
             {
-            "id": "identity_check_value",
-            "cwe": ["CWE-353","CWE-354","CWE-924"]
+              "id": "identity_check_value",
+              "cwe": ["CWE-353", "CWE-354", "CWE-924"]
             },
             {
-            "id": "cryptographic_signature",
-            "cwe": ["CWE-347"]
+              "id": "cryptographic_signature",
+              "cwe": ["CWE-347"]
             }
-        ]
+          ]
         },
         {
-        "id": "insecure_key_generation",
-        "cwe": null,
-        "children": [
+          "id": "insecure_key_generation",
+          "cwe": null,
+          "children": [
             {
-            "id": "improper_asymmetric_prime_selection",
-            "cwe": ["CWE-326","CWE-1240"]
+              "id": "improper_asymmetric_prime_selection",
+              "cwe": ["CWE-326", "CWE-1240"]
             },
             {
-            "id": "improper_asymmetric_exponent_selection",
-            "cwe": ["CWE-326","CWE-1240"]
+              "id": "improper_asymmetric_exponent_selection",
+              "cwe": ["CWE-326", "CWE-1240"]
             },
             {
-            "id": "insufficient_key_stretching",
-            "cwe": ["CWE-326","CWE-1240"]
+              "id": "insufficient_key_stretching",
+              "cwe": ["CWE-326", "CWE-1240"]
+            },
+            {
+              "id": "insufficient_key_space",
+              "cwe": ["CWE-326", "CWE-331", "CWE-1240"]
             },
-        {
-        "id": "insufficient_key_space",
-            "cwe": ["CWE-326","CWE-331","CWE-1240"]
-        },
             {
-            "id": "key_exchange_without_entity_authentication",
-            "cwe": ["CWE-322"]
+              "id": "key_exchange_without_entity_authentication",
+              "cwe": ["CWE-322"]
             }
-        ]
+          ]
         },
         {
-        "id": "key_reuse",
-        "cwe": ["CWE-323"],
-        "children": [
+          "id": "key_reuse",
+          "cwe": ["CWE-323"],
+          "children": [
             {
-        "id": "lack_of_perfect_forward_secrecy",
-            "cwe": ["CWE-323"]
-        },
-        {
-        "id": "intra-environment",
-            "cwe": ["CWE-323"]
-        },
-        {
-        "id": "inter-environment",
-            "cwe": ["CWE-323"]
-        }
-        ]
+              "id": "lack_of_perfect_forward_secrecy",
+              "cwe": ["CWE-323"]
+            },
+            {
+              "id": "intra-environment",
+              "cwe": ["CWE-323"]
+            },
+            {
+              "id": "inter-environment",
+              "cwe": ["CWE-323"]
+            }
+          ]
         },
         {
-        "id": "side-channel_attack",
-        "cwe": ["CWE-203","CWE-1300"],
-        "children": [
+          "id": "side-channel_attack",
+          "cwe": ["CWE-203", "CWE-1300"],
+          "children": [
             {
-            "id": "padding_oracle_attack",
-            "cwe": ["CWE-780"]
+              "id": "padding_oracle_attack",
+              "cwe": ["CWE-780"]
             },
             {
-            "id": "timing_attack",
-            "cwe": ["CWE-208"]
+              "id": "timing_attack",
+              "cwe": ["CWE-208"]
             },
             {
-            "id": "power_analysis_attack",
-            "cwe": ["CWE-1300"]
+              "id": "power_analysis_attack",
+              "cwe": ["CWE-1300"]
             },
             {
-            "id": "emanations_attack",
-            "cwe": ["CWE-1300"]
+              "id": "emanations_attack",
+              "cwe": ["CWE-1300"]
             },
             {
-            "id": "differential_fault_analysis",
-            "cwe": ["CWE-204","CWE-205"]
+              "id": "differential_fault_analysis",
+              "cwe": ["CWE-204", "CWE-205"]
             }
-        ]
+          ]
         },
         {
-        "id": "use_of_expired_cryptographic_key_or_cert",
-        "cwe": ["CWE-295","CWE-298","CWE-299","CWE-324"]
+          "id": "use_of_expired_cryptographic_key_or_cert",
+          "cwe": ["CWE-295", "CWE-298", "CWE-299", "CWE-324"]
         },
         {
-        "id": "incomplete_cleanup_of_keying_material",
-        "cwe": ["CWE-459"]
+          "id": "incomplete_cleanup_of_keying_material",
+          "cwe": ["CWE-459"]
         }
-    ]
+      ]
     },
     {
-    "id": "broken_cryptography",
-    "cwe": ["CWE-327"],
-    "children": [
+      "id": "broken_cryptography",
+      "cwe": ["CWE-327"],
+      "children": [
         {
-        "id": "use_of_broken_cryptographic_primitive",
-        "cwe": ["CWE-327"]
+          "id": "use_of_broken_cryptographic_primitive",
+          "cwe": ["CWE-327"]
         },
         {
-        "id": "use_of_vulnerable_cryptographic_library",
-        "cwe": ["CWE-327"]
+          "id": "use_of_vulnerable_cryptographic_library",
+          "cwe": ["CWE-327"]
         }
-    ]
+      ]
     },
     {
       "id": "privacy_concerns",
diff --git a/mappings/remediation_advice/remediation_advice.json b/mappings/remediation_advice/remediation_advice.json
index 42f2abd6..cde35058 100644
--- a/mappings/remediation_advice/remediation_advice.json
+++ b/mappings/remediation_advice/remediation_advice.json
@@ -56,9 +56,7 @@
         {
           "id": "same_site_scripting",
           "remediation_advice": "As a best practice, do not resolve targets or hostnames to 127.0.0.1 or similar addresses.",
-          "references": [
-            "http://seclists.org/bugtraq/2008/Jan/270"
-          ]
+          "references": ["http://seclists.org/bugtraq/2008/Jan/270"]
         },
         {
           "id": "ssl_attack_breach_poodle_etc",
@@ -106,9 +104,7 @@
             {
               "id": "missing_caa_record",
               "remediation_advice": "As the domain name holder you can modify the DNS zone file to specify one or more Certification Authorities (CAs) authorized to issue certificates for that domain.",
-              "references": [
-                "https://tools.ietf.org/html/rfc6844"
-              ]
+              "references": ["https://tools.ietf.org/html/rfc6844"]
             }
           ]
         },
@@ -167,9 +163,7 @@
             {
               "id": "excessively_privileged_user_dba",
               "remediation_advice": "Ensure that the current DBMS session user has the least amount of privilege necessary.",
-              "references": [
-                "https://www.owasp.org/index.php/Least_privilege"
-              ]
+              "references": ["https://www.owasp.org/index.php/Least_privilege"]
             }
           ]
         },
@@ -247,9 +241,7 @@
         {
           "id": "cookie_scoped_to_parent_domain",
           "remediation_advice": "If possible do not set the domain for the session cookie. If domain is not set, so by default, the cookie will be a host only cookie, meaning accessible explicitly to the domain from which it was set.",
-          "references": [
-            "https://tools.ietf.org/html/rfc6265"
-          ]
+          "references": ["https://tools.ietf.org/html/rfc6265"]
         },
         {
           "id": "missing_secure_or_httponly_cookie_flag",
@@ -295,9 +287,7 @@
             {
               "id": "account_takeover",
               "remediation_advice": "Ensure correct implementation of OAuth protocol in order to protect client secrets and tokens, and provide secure access controls.",
-              "references": [
-                "https://tools.ietf.org/html/rfc6819"
-              ]
+              "references": ["https://tools.ietf.org/html/rfc6819"]
             },
             {
               "id": "account_squatting",
@@ -535,9 +525,7 @@
         {
           "id": "bitsquatting",
           "remediation_advice": "As a best practice, consider registering any potential bitsquatting domain names.",
-          "references": [
-            "http://dinaburg.org/bitsquatting.html"
-          ]
+          "references": ["http://dinaburg.org/bitsquatting.html"]
         }
       ]
     },
@@ -627,9 +615,7 @@
             {
               "id": "external_authentication_injection",
               "remediation_advice": "Even if unsafe HTML tags like `<script>` or `<iframe>` are filtered out from user input, it is possible to inject `HTTP 401` authentication prompt into a HTML page via tags like `<img>`. In order to prevent this type of injection consider the following solutions:\n\n1. Always treat all user input as untrusted data.\n2. Always input or output encode all data coming into or out of the application.\n3. Always whitelist allowed characters and seldom use blacklisting of characters unless in certain use cases.\n4. Always use a well known and security encoding API for input and output encoding such as the `OWASP ESAPI`.\n5. Never try to write input and output encoders unless absolutely necessary. Chances are that someone has already written a good one.",
-              "references": [
-                "https://www.exploit-db.com/papers/12898/"
-              ]
+              "references": ["https://www.exploit-db.com/papers/12898/"]
             },
             {
               "id": "flash_based_external_authentication_injection",
@@ -668,7 +654,7 @@
             },
             {
               "id": "rtlo",
-              "remediation_advice": "1. If possible avoid allowing Right to Left Override `\u202E` character in filenames and URLs.\n2. Avoid mixing right-to-left and left-to-right characters in a single name.",
+              "remediation_advice": "1. If possible avoid allowing Right to Left Override `‮` character in filenames and URLs.\n2. Avoid mixing right-to-left and left-to-right characters in a single name.",
               "references": [
                 "https://dl.packetstormsecurity.net/papers/general/righttoleften-override.pdf"
               ]
@@ -853,18 +839,14 @@
             {
               "id": "oauth_secret",
               "remediation_advice": "Consider using OAuth Implicit Grant to avoid hardcoding the OAuth secret key within the application.",
-              "references": [
-                "https://tools.ietf.org/html/rfc6749#section-4.2"
-              ]
+              "references": ["https://tools.ietf.org/html/rfc6749#section-4.2"]
             }
           ]
         },
         {
           "id": "xssi",
           "remediation_advice": "1. Avoid placing sensitive content inside JavaScript files, and also not in `JSONP`.\n2. Consider using a CSRF token.\n3. Sensitive scripts should only respond to POST requests.\n4. Append some non-executable prefix to the response body.\n5. Usage of the response header `X-Content-Type-Options: nosniff` and usage of the correct `Content-Type` is also helpful in reducing the chance of XSSI.",
-          "references": [
-            "https://www.scip.ch/en/?labs.20160414"
-          ]
+          "references": ["https://www.scip.ch/en/?labs.20160414"]
         },
         {
           "id": "json_hijacking",
@@ -896,9 +878,7 @@
         {
           "id": "trace_method",
           "remediation_advice": "As the TRACE method can be utilized to bypass certain protections, consider disabling the HTTP method TRACE.",
-          "references": [
-            "https://www.owasp.org/index.php/Cross_Site_Tracing"
-          ]
+          "references": ["https://www.owasp.org/index.php/Cross_Site_Tracing"]
         }
       ]
     },
@@ -1153,8 +1133,8 @@
       "id": "lack_of_binary_hardening",
       "remediation_advice": "To ensure security throughout the life cycle of an application, it is a good practice to harden binaries with memory protections, and significantly increase the cost of reverse engineering and code modification.",
       "references": [
-       "https://wiki.debian.org/Hardening",
-       "https://www.owasp.org/index.php/Mobile_Top_10_2014-M10"
+        "https://wiki.debian.org/Hardening",
+        "https://www.owasp.org/index.php/Mobile_Top_10_2014-M10"
       ]
     },
     {
@@ -1189,319 +1169,309 @@
       ]
     },
     {
-    "id": "cryptographic_weakness",
-    "children": [
+      "id": "cryptographic_weakness",
+      "children": [
         {
-        "id": "insufficient_entropy",
-        "children": [
+          "id": "insufficient_entropy",
+          "children": [
             {
-            "id": "limited_rng_entropy_source",
-            "remediation_advice": "1. When using the native entropy sources in a Linux environment, be sure to use /dev/random instead of /dev/urandom.  This is because, in the event of depletion of the kernel entropy pool, /dev/random blocks until the level of entropy in the system entropy pool is high enough to ensure high entropy random number generation.  In contrast, /dev/urandom does not block and will return low-entropy random numbers in the event of depletion of the system entropy pool.\n\n2. In Windows environments, ensure all elements of the Windows entropy pool exhibit appropriately high levels of randomness.\n\n3. In applications that require large volumes of high-entropy random numbers to be generated, consider using alternative RNGs, such as Intel's Digital Random Number Generator (DRNG).",
-            "references": [
+              "id": "limited_rng_entropy_source",
+              "remediation_advice": "1. When using the native entropy sources in a Linux environment, be sure to use /dev/random instead of /dev/urandom.  This is because, in the event of depletion of the kernel entropy pool, /dev/random blocks until the level of entropy in the system entropy pool is high enough to ensure high entropy random number generation.  In contrast, /dev/urandom does not block and will return low-entropy random numbers in the event of depletion of the system entropy pool.\n\n2. In Windows environments, ensure all elements of the Windows entropy pool exhibit appropriately high levels of randomness.\n\n3. In applications that require large volumes of high-entropy random numbers to be generated, consider using alternative RNGs, such as Intel's Digital Random Number Generator (DRNG).",
+              "references": [
                 "https://www.redhat.com/en/blog/understanding-random-number-generators-and-their-limitations-linux#:~:text=A%20source%20of%20entropy%20(RNG)&text=Random%20number%20generators%20or%20RNGS,unpredictable%20numbers%20as%20its%20output.",
                 "https://blog.cloudflare.com/ensuring-randomness-with-linuxs-random-number-generator/",
                 "https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-90B.pdf",
                 "file:///Users/nerdwell/Downloads/Whitepaper%20-%20The%20Windows%2010%20random%20number%20generation%20infrastructure.pdf"
               ]
-          },
-        {
-        "id": "use_of_trng_for_nonsecurity_purpose",
-"remediation_advice": "1. The random number generation rate of most RNGs is limited, so it is important to draw from RNGs only when entropy is needed for security purposes.\n\n2. Applications should ensure resiliency when drawing from TRNGs by properly handling blocking conditions that may arise when the TRNG blocks due to depletion of the entropy source.\n\n3. Increase potential random number generation rate by integrating multiple, diverse, entropy sources in a secure manner.",
-            "references": [
+            },
+            {
+              "id": "use_of_trng_for_nonsecurity_purpose",
+              "remediation_advice": "1. The random number generation rate of most RNGs is limited, so it is important to draw from RNGs only when entropy is needed for security purposes.\n\n2. Applications should ensure resiliency when drawing from TRNGs by properly handling blocking conditions that may arise when the TRNG blocks due to depletion of the entropy source.\n\n3. Increase potential random number generation rate by integrating multiple, diverse, entropy sources in a secure manner.",
+              "references": [
                 "https://blog.cloudflare.com/ensuring-randomness-with-linuxs-random-number-generator/",
                 "https://cwe.mitre.org/documents/sources/TheCLASPApplicationSecurityProcess.pdf"
-            ]
-        },
-        {
-        "id": "prng_seed_reuse",
-            "remediation_advice": "Pseudo-Random Number Generators (PRNG) use complex algorithms to produce a stream of random bits but require an initial 'seeding,' which determines the outcome of all random numbers generated by the PRNG.  Therefore, if an attacker knows the seed value used to initialize the PRNG, it is possible to determine all future random numbers produced by the PRNG.  Do not use the same seed value for multiple invocations of PRNG initialization.",
-            "references": [
+              ]
+            },
+            {
+              "id": "prng_seed_reuse",
+              "remediation_advice": "Pseudo-Random Number Generators (PRNG) use complex algorithms to produce a stream of random bits but require an initial 'seeding,' which determines the outcome of all random numbers generated by the PRNG.  Therefore, if an attacker knows the seed value used to initialize the PRNG, it is possible to determine all future random numbers produced by the PRNG.  Do not use the same seed value for multiple invocations of PRNG initialization.",
+              "references": [
                 "https://www.sciencedirect.com/science/article/pii/S2212017316304972"
-            ]
-        },
-        {
-        "id": "predictable_prng_seed",
-            "remediation_advice": "Pseudo-Random Number Generators (PRNG) use complex algorithms to produce a stream of random bits but require an initial 'seeding,' which determines the outcome of all random numbers generated by the PRNG.  Therefore, if an attacker can predict all or a portion of the seed value used to initialize the PRNG, it is possible to predict the random number stream produced by the PRNG.  Per FIPS 140-3, \"Security Requirements for Cryptographic Modules,\" it is acceptable to use the output of a trustworthy PRNG as the seed value for another PRNG.  Ensure applications use a randomly-generated seed value by drawing from a trustworth entropy source, such as /dev/random.",
-            "references": [
+              ]
+            },
+            {
+              "id": "predictable_prng_seed",
+              "remediation_advice": "Pseudo-Random Number Generators (PRNG) use complex algorithms to produce a stream of random bits but require an initial 'seeding,' which determines the outcome of all random numbers generated by the PRNG.  Therefore, if an attacker can predict all or a portion of the seed value used to initialize the PRNG, it is possible to predict the random number stream produced by the PRNG.  Per FIPS 140-3, \"Security Requirements for Cryptographic Modules,\" it is acceptable to use the output of a trustworthy PRNG as the seed value for another PRNG.  Ensure applications use a randomly-generated seed value by drawing from a trustworth entropy source, such as /dev/random.",
+              "references": [
                 "https://www.sciencedirect.com/science/article/pii/S2212017316304972",
                 "https://csrc.nist.gov/csrc/media/publications/fips/140/2/final/documents/fips1402.pdf",
                 "https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-3.pdf",
                 "https://www.appmarq.com/public/robustness,1039006,CWE-336-Avoid-using-predictable-SecureRandom-Seeds"
-            ]
-        },
-        {
-        "id": "small_seed_space_in_prng",
-            "remediation_advice": "Pseudo-Random Number Generators (PRNG) use complex algorithms to produce a stream of random bits but require an initial 'seeding,' which determines the outcome of all random numbers generated by the PRNG.  An insufficiently-sized seed value allows an attacker to brute force the random number stream produced by the PRNG by brute forcing all possible seed values.  Ensure the value used as a PRNG seed has a length (in terms of bit size) to guarantee a sufficiently large work-factor to render such brute force attacks infeasible.  As a general rule, the number of steps (iterations) required to compromise the seed value should be at least as large as the number of steps (iterations) required to compromise the cryptographic entity (e.g. key) that relies upon the PRNG.",
-            "references": [
+              ]
+            },
+            {
+              "id": "small_seed_space_in_prng",
+              "remediation_advice": "Pseudo-Random Number Generators (PRNG) use complex algorithms to produce a stream of random bits but require an initial 'seeding,' which determines the outcome of all random numbers generated by the PRNG.  An insufficiently-sized seed value allows an attacker to brute force the random number stream produced by the PRNG by brute forcing all possible seed values.  Ensure the value used as a PRNG seed has a length (in terms of bit size) to guarantee a sufficiently large work-factor to render such brute force attacks infeasible.  As a general rule, the number of steps (iterations) required to compromise the seed value should be at least as large as the number of steps (iterations) required to compromise the cryptographic entity (e.g. key) that relies upon the PRNG.",
+              "references": [
                 "https://csrc.nist.gov/csrc/media/publications/fips/140/2/final/documents/fips1402.pdf",
                 "https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.140-3.pdf",
                 "https://wiki.sei.cmu.edu/confluence/display/c/MSC32-C.+Properly+seed+pseudorandom+number+generators"
-            ]
-        },
-        {
-        "id": "initialization_vector_reuse",
-            "remediation_advice": "Many cryptographic algorithms rely upon an initial block of data, called the 'initialization vector' (IV), in addition to the plaintext being encrypted.  If an application reuses the same IV for multiple invocations of an encryption routine, an attacker can use this knowledge to glean the original plaintext from an encrypted stream.  Ensure each invocation of an encryption routine uses a different IV.",
-            "references": [
+              ]
+            },
+            {
+              "id": "initialization_vector_reuse",
+              "remediation_advice": "Many cryptographic algorithms rely upon an initial block of data, called the 'initialization vector' (IV), in addition to the plaintext being encrypted.  If an application reuses the same IV for multiple invocations of an encryption routine, an attacker can use this knowledge to glean the original plaintext from an encrypted stream.  Ensure each invocation of an encryption routine uses a different IV.",
+              "references": [
                 "https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a.pdf",
                 "https://www.openssl.org/~bodo/tls-cbc.txt",
                 "https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf",
                 "http://www.isaac.cs.berkeley.edu/isaac/mobicom.pdf"
-            ]
-        },
-        {
-        "id": "predictable_initialization_vector",
-            "remediation_advice": "Many cryptographic algorithms rely upon an initial block of data, called the 'initialization vector' (IV), in addition to the plaintext being encrypted.  It is critical that it be impossible to predict the IV associated with the plaintext for any given invocation of the encryption routine.  This is best achieved by using a newly-generated random number, produced by a trustworthy RNG, for each invocation of the encryption routine.",
-            "references": [
+              ]
+            },
+            {
+              "id": "predictable_initialization_vector",
+              "remediation_advice": "Many cryptographic algorithms rely upon an initial block of data, called the 'initialization vector' (IV), in addition to the plaintext being encrypted.  It is critical that it be impossible to predict the IV associated with the plaintext for any given invocation of the encryption routine.  This is best achieved by using a newly-generated random number, produced by a trustworthy RNG, for each invocation of the encryption routine.",
+              "references": [
                 "https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a.pdf",
                 "https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38d.pdf",
                 "https://www.cve.org/CVERecord?id=CVE-2011-3389"
-            ]
-        }
-        ]
+              ]
+            }
+          ]
         },
         {
-        "id": "insecure_implementation",
-        "children": [
+          "id": "insecure_implementation",
+          "children": [
             {
-            "id": "missing_cryptographic_step",
-            "remediation_advice": "Oftentimes cryptographic algorithms involve complex and time-consuming mathematical operations to ensure the security of the product (e.g. ciphertext, hash value).  In some instances, such as in limited power systems, costly cryptographic steps may be skipped.  As a general rule, cryptographic alorithms are difficult to properly implement and developers should rely on well-vetted cryptographic libraries rather than homegrown implementations.  When it is necessary to develop a homegrown implementation, always thoroughly review the algorithm specification and properly implement each computational step.",
-            "references": [
+              "id": "missing_cryptographic_step",
+              "remediation_advice": "Oftentimes cryptographic algorithms involve complex and time-consuming mathematical operations to ensure the security of the product (e.g. ciphertext, hash value).  In some instances, such as in limited power systems, costly cryptographic steps may be skipped.  As a general rule, cryptographic alorithms are difficult to properly implement and developers should rely on well-vetted cryptographic libraries rather than homegrown implementations.  When it is necessary to develop a homegrown implementation, always thoroughly review the algorithm specification and properly implement each computational step.",
+              "references": [
                 "https://www.rfc-editor.org/rfc/rfc3565",
                 "https://nvd.nist.gov/vuln/detail/CVE-2022-29053",
                 "https://www.fortiguard.com/psirt/FG-IR-22-158"
-            ]
+              ]
             },
             {
-            "id": "improper_following_of_specification",
-            "remediation_advice": "As a general rule, cryptographic alorithms are difficult to properly implement and developers should rely on well-vetted cryptographic libraries rather than homegrown implementations.  When it is necessary to develop a homegrown implementation, ensure the implementation adheres to all requirements for the cryptographic parameters.",
-            "references": [
+              "id": "improper_following_of_specification",
+              "remediation_advice": "As a general rule, cryptographic alorithms are difficult to properly implement and developers should rely on well-vetted cryptographic libraries rather than homegrown implementations.  When it is necessary to develop a homegrown implementation, ensure the implementation adheres to all requirements for the cryptographic parameters.",
+              "references": [
                 "https://www.rfc-editor.org/rfc/rfc7696",
                 "https://www.rfc-editor.org/rfc/rfc3565"
-            ]
+              ]
             }
-        ]
+          ]
         },
         {
-        "id": "weak_hash",
-        "children": [
+          "id": "weak_hash",
+          "children": [
             {
-            "id": "lack_of_salt",
-            "remediation_advice": "A hash computed without the addition of a salt value is vulnerable to rainbow table attacks.  To prevent such attacks, ensure a unique and randonly-generated salt value is concatenated with the plaintext prior to computing the hash.",
-            "references": [
+              "id": "lack_of_salt",
+              "remediation_advice": "A hash computed without the addition of a salt value is vulnerable to rainbow table attacks.  To prevent such attacks, ensure a unique and randonly-generated salt value is concatenated with the plaintext prior to computing the hash.",
+              "references": [
                 "https://cheatsheetseries.owasp.org/cheatsheets/Password_Storage_Cheat_Sheet.html#salting",
                 "https://www.rfc-editor.org/rfc/rfc2898#page-6"
-            ]
+              ]
             },
             {
-            "id": "use_of_predictable_salt",
-            "remediation_advice": "When a hash is computing using a predictable salt, the protections afforded by the salt are diminished, leaving the hash vulnerable to rainbow table attacks.  Always use a unique and randomly-generated value for the salt, and ensure the length of the salt (in terms of bits) is sufficiently large to prevent brute force attacks.  As a general rule, salts used in cryptographic operations should be at least 8 bytes (64 bits) in length.",
-            "references": [
-                "https://www.rfc-editor.org/rfc/rfc2898#page-7"
-            ]
+              "id": "use_of_predictable_salt",
+              "remediation_advice": "When a hash is computing using a predictable salt, the protections afforded by the salt are diminished, leaving the hash vulnerable to rainbow table attacks.  Always use a unique and randomly-generated value for the salt, and ensure the length of the salt (in terms of bits) is sufficiently large to prevent brute force attacks.  As a general rule, salts used in cryptographic operations should be at least 8 bytes (64 bits) in length.",
+              "references": ["https://www.rfc-editor.org/rfc/rfc2898#page-7"]
             },
             {
-            "id": "predictable_hash_collision",
-            "remediation_advice": "Hash collisions occur when a hashing algorithm generates the same hash value for two (or more) different plaintext inputs.  This can be the result of mathematical errors in the algorithm itself, such those found in the MD5 and SHA-1 algorithms.  Hash collisions can also occur as the result of incorrect implementation of an otherwise secure algorithm.  Always ensure applications make use of unbroken and well-vetted hashing algorithms, and ensure implementations strictly adhere to the requirements of cryptographic parameters as indicated by the relevant specification(s).",
-            "references": [
+              "id": "predictable_hash_collision",
+              "remediation_advice": "Hash collisions occur when a hashing algorithm generates the same hash value for two (or more) different plaintext inputs.  This can be the result of mathematical errors in the algorithm itself, such those found in the MD5 and SHA-1 algorithms.  Hash collisions can also occur as the result of incorrect implementation of an otherwise secure algorithm.  Always ensure applications make use of unbroken and well-vetted hashing algorithms, and ensure implementations strictly adhere to the requirements of cryptographic parameters as indicated by the relevant specification(s).",
+              "references": [
                 "https://en.wikipedia.org/wiki/MD5#Collision_vulnerabilities",
                 "https://github.com/nim-lang/Nim/issues/10097",
                 "https://www.rfc-editor.org/rfc/rfc6234"
-            ]
+              ]
             }
-        ]
+          ]
         },
         {
-        "id": "insufficient_verification_of_data_authenticity",
-        "children": [
+          "id": "insufficient_verification_of_data_authenticity",
+          "children": [
             {
-            "id": "identity_check_value",
-            "remediation_advice": "An Integrity Check Value (ICV) is used to ensure data has not become corrupted during transmission and may incorporate keying material to ensure message authenticity in security sensitive applications.  Failure to properly validate the ICV can lead to data corruption and may allow an attacker to impersonate other senders in messages.  Ensure the application validates the ICV in all received messages and adheres to the relevant specification(s) with regard to the ICV validation steps.",
-            "references": [
+              "id": "identity_check_value",
+              "remediation_advice": "An Integrity Check Value (ICV) is used to ensure data has not become corrupted during transmission and may incorporate keying material to ensure message authenticity in security sensitive applications.  Failure to properly validate the ICV can lead to data corruption and may allow an attacker to impersonate other senders in messages.  Ensure the application validates the ICV in all received messages and adheres to the relevant specification(s) with regard to the ICV validation steps.",
+              "references": [
                 "https://cwe.mitre.org/documents/sources/TheCLASPApplicationSecurityProcess.pdf",
                 "https://www.rfc-editor.org/rfc/rfc4302#section-2.6",
                 "https://www.rfc-editor.org/rfc/rfc4302#section-3.3.3"
-            ]
+              ]
             },
             {
-            "id": "cryptographic_signature",
-            "remediation_advice": "A cryptographic signature is used to provide authenticity verification and non-repudiation of data received from another party.  Depending on the application context failure to properly validate the cryptographic signature can result in vulnerabilities ranging from unauthorized information disclosure, to user impersonation, or even unauthorized code execution.  Ensure the application verifies the cryptographic signature accompanying received data and deny requests containing an invalid cryptographic signature.",
-            "references": [
+              "id": "cryptographic_signature",
+              "remediation_advice": "A cryptographic signature is used to provide authenticity verification and non-repudiation of data received from another party.  Depending on the application context failure to properly validate the cryptographic signature can result in vulnerabilities ranging from unauthorized information disclosure, to user impersonation, or even unauthorized code execution.  Ensure the application verifies the cryptographic signature accompanying received data and deny requests containing an invalid cryptographic signature.",
+              "references": [
                 "https://www.internetsociety.org/resources/deploy360/2014/the-two-sides-of-dnssec-signing-and-validation/",
                 "https://vulnerabilityhistory.org/tags/89",
                 "https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-20180926-digsig.html"
-            ]
+              ]
             }
-        ]
+          ]
         },
         {
-        "id": "insecure_key_generation",
-        "children": [
+          "id": "insecure_key_generation",
+          "children": [
             {
-            "id": "improper_asymmetric_prime_selection",
-            "remediation_advice": "When implementing an asymmetric cryptography algorithm that relies upon prime numbers for public/private keypair generation:\n\n(a). ensure that prime number selection allows sufficiently large prime numbers to be represented;\n(b) ensure there is not mathematical relationship between each of the prime numbers selected; and\n(c) always use uniquely-generated random numbers for prime selection.",
-            "references": [
+              "id": "improper_asymmetric_prime_selection",
+              "remediation_advice": "When implementing an asymmetric cryptography algorithm that relies upon prime numbers for public/private keypair generation:\n\n(a). ensure that prime number selection allows sufficiently large prime numbers to be represented;\n(b) ensure there is not mathematical relationship between each of the prime numbers selected; and\n(c) always use uniquely-generated random numbers for prime selection.",
+              "references": [
                 "https://medium.com/curiositypapers/a-complete-explanation-of-rsa-asymmetric-encryption-742c5971e0f",
                 "https://www.schneier.com/blog/archives/2022/03/breaking-rsa-through-insufficiently-random-primes.html",
                 "https://arstechnica.com/information-technology/2022/03/researcher-uses-600-year-old-algorithm-to-crack-crypto-keys-found-in-the-wild/",
                 "https://www.rfc-editor.org/rfc/rfc8017#page-36"
-            ]
+              ]
             },
             {
-            "id": "improper_asymmetric_exponent_selection",
-            "remediation_advice": "When implementing an asymmetric cryptography algorithm that relies upon exponentiation:\n\n(a) ensure that private exponent selection allows for a sufficiently large number to be chosen; and\n(b) always use a uniquely-generated random number for the private exponent.",
-            "references": [
+              "id": "improper_asymmetric_exponent_selection",
+              "remediation_advice": "When implementing an asymmetric cryptography algorithm that relies upon exponentiation:\n\n(a) ensure that private exponent selection allows for a sufficiently large number to be chosen; and\n(b) always use a uniquely-generated random number for the private exponent.",
+              "references": [
                 "https://medium.com/curiositypapers/a-complete-explanation-of-rsa-asymmetric-encryption-742c5971e0f",
                 "https://www.iacr.org/archive/eurocrypt2000/1807/18070374-new.pdf",
                 "https://www.rfc-editor.org/rfc/rfc8017"
-            ]
+              ]
             },
             {
-            "id": "insufficient_key_stretching",
-            "remediation_advice": "Key stretching is a technique used to increase the entropy of low-entropy keys, such as user-supplied passwords.  The technique is usually based on many iterative rounds of cryptographic computations upon the initial low-entropy key and brute forcing vulnerabilities arise if an insufficient number of iterations are applied.  Ensure the application adheres to all relevant specification(s) and performs a sufficiently large number of iterations to render the work-factor of brute force attacks infeasible.",
-            "references": [
+              "id": "insufficient_key_stretching",
+              "remediation_advice": "Key stretching is a technique used to increase the entropy of low-entropy keys, such as user-supplied passwords.  The technique is usually based on many iterative rounds of cryptographic computations upon the initial low-entropy key and brute forcing vulnerabilities arise if an insufficient number of iterations are applied.  Ensure the application adheres to all relevant specification(s) and performs a sufficiently large number of iterations to render the work-factor of brute force attacks infeasible.",
+              "references": [
                 "https://link.springer.com/chapter/10.1007/BFb0030415",
                 "https://www.rfc-editor.org/rfc/rfc2898"
-            ]
+              ]
             },
-        {
-        "id": "insufficient_key_space",
-            "remediation_advice": "Most modern cryptogaphic algorithms allow implementers to specify the length of the key used by the algorithm.  If an insufficient key length is specified, an attacker can use offline brute force techniques to decrypt the ciphertext without any user input.  Ensure the application specifies a sufficiently large minimum cryptographic key length as appropriate for the context or as indicated by relevant regulations and standards.  As a general rule, AES-128, RSA-2048, and SHA-256 should be used, at a minimum.",
-            "references": [
+            {
+              "id": "insufficient_key_space",
+              "remediation_advice": "Most modern cryptogaphic algorithms allow implementers to specify the length of the key used by the algorithm.  If an insufficient key length is specified, an attacker can use offline brute force techniques to decrypt the ciphertext without any user input.  Ensure the application specifies a sufficiently large minimum cryptographic key length as appropriate for the context or as indicated by relevant regulations and standards.  As a general rule, AES-128, RSA-2048, and SHA-256 should be used, at a minimum.",
+              "references": [
                 "https://codeql.github.com/codeql-query-help/cpp/cpp-insufficient-key-size/",
                 "https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf"
-            ]
-        },
+              ]
+            },
             {
-            "id": "key_exchange_without_entity_authentication",
-            "remediation_advice": "When a key exchange is performed without validating the authenticity of the opposite entity, an attacker is able to impersonate a trusted entity and compromise the confidentiality of the encrypted data.  Ensure the application properly verifies the identity of the opposite party during key exchange using context appropriate mechanisms, as indiciated in the relevant standard(s) and specification(s).",
-            "references": [
+              "id": "key_exchange_without_entity_authentication",
+              "remediation_advice": "When a key exchange is performed without validating the authenticity of the opposite entity, an attacker is able to impersonate a trusted entity and compromise the confidentiality of the encrypted data.  Ensure the application properly verifies the identity of the opposite party during key exchange using context appropriate mechanisms, as indiciated in the relevant standard(s) and specification(s).",
+              "references": [
                 "https://cwe.mitre.org/documents/sources/TheCLASPApplicationSecurityProcess.pdf",
                 "https://www.rfc-editor.org/rfc/rfc6071#page-17",
                 "https://www.rfc-editor.org/rfc/rfc5246"
-            ]
+              ]
             }
-        ]
+          ]
         },
         {
-        "id": "key_reuse",
-        "children": [
+          "id": "key_reuse",
+          "children": [
             {
-        "id": "lack_of_perfect_forward_secrecy",
-            "remediation_advice": "Perfect Forward Secrecy (PFS) is a technique used to minimize the impact of compromise of an entity's longterm private key by negotiating an ephemeral keypair for each new session between two parties.  Without PFS, compromise of an entity's longterm private key results in compromise of all historical and future session keys based thereupon, meaning any recorded encrypted traffic can then be decrypted.  Ensure the application enables PFS for the encryption protocols implemented, as indicated by the relevant standard(s) and specification(s).",
-            "references": [
+              "id": "lack_of_perfect_forward_secrecy",
+              "remediation_advice": "Perfect Forward Secrecy (PFS) is a technique used to minimize the impact of compromise of an entity's longterm private key by negotiating an ephemeral keypair for each new session between two parties.  Without PFS, compromise of an entity's longterm private key results in compromise of all historical and future session keys based thereupon, meaning any recorded encrypted traffic can then be decrypted.  Ensure the application enables PFS for the encryption protocols implemented, as indicated by the relevant standard(s) and specification(s).",
+              "references": [
                 "https://avinetworks.com/glossary/perfect-forward-secrecy/#:~:text=Without%20perfect%20forward%20secrecy%2C%20an,primary%20secret%20with%20each%20client.",
                 "https://medium.com/asecuritysite-when-bob-met-alice/forward-secrecy-and-ephemeral-keys-guarding-against-data-breaches-in-the-future-b709295c6e5a",
                 "https://www.rfc-editor.org/rfc/rfc7525#page-18"
-            ]
-        },
-        {
-        "id": "intra-environment",
-            "remediation_advice": "Cryptographic key reuse occurs when the same key is used for more than one purpose.  When the same key is used for multiple purposes within the context of a single environment (e.g. individual customer in a multi-tenant application) an attacker can leverage knowledge of the key to gain unauthorized access to other information or privileges protected by the same key.  Ensure all application components, such as information and authentication tokens, are appropriately grouped into separate trust zones and protected by separate cryptographic keys.",
-            "references": [
-                ""
-            ]
-        },
-        {
-        "id": "inter-environment",
-            "remediation_advice": "Cryptographic key reuse occurs when the same key is used for more than one purpose.  When the same key is used between multiple application contexts, such as different customer environments in a multi-tenancy application, an attacker can gain unauthorized access to other users' information and may be able to impersonate other users to achieve privilege escalation.  Ensure the application uses unique cryptographic keys for each application context and do not reuse keys across trust zones.",
-            "references": [
-                ""
-            ]
-        }
-        ]
+              ]
+            },
+            {
+              "id": "intra-environment",
+              "remediation_advice": "Cryptographic key reuse occurs when the same key is used for more than one purpose.  When the same key is used for multiple purposes within the context of a single environment (e.g. individual customer in a multi-tenant application) an attacker can leverage knowledge of the key to gain unauthorized access to other information or privileges protected by the same key.  Ensure all application components, such as information and authentication tokens, are appropriately grouped into separate trust zones and protected by separate cryptographic keys.",
+              "references": [""]
+            },
+            {
+              "id": "inter-environment",
+              "remediation_advice": "Cryptographic key reuse occurs when the same key is used for more than one purpose.  When the same key is used between multiple application contexts, such as different customer environments in a multi-tenancy application, an attacker can gain unauthorized access to other users' information and may be able to impersonate other users to achieve privilege escalation.  Ensure the application uses unique cryptographic keys for each application context and do not reuse keys across trust zones.",
+              "references": [""]
+            }
+          ]
         },
         {
-        "id": "side-channel_attack",
-        "children": [
+          "id": "side-channel_attack",
+          "children": [
             {
-            "id": "padding_oracle_attack",
-            "remediation_advice": "A padding oracle attack occurs when the application reveals information about the validity of padding in data provided for decryption.  By making repeated attempts to decrypt attacker-controlled data, an attacker can use the information gleaned from the padding oracle to derive the encryption key.  Ensure the application produces non-descript error messages when decrypting user-supplied data.  Application responses also must not vary between different types of failure, such that an attacker cannot glean from the error that a padding exception has occurred.",
-            "references": [
+              "id": "padding_oracle_attack",
+              "remediation_advice": "A padding oracle attack occurs when the application reveals information about the validity of padding in data provided for decryption.  By making repeated attempts to decrypt attacker-controlled data, an attacker can use the information gleaned from the padding oracle to derive the encryption key.  Ensure the application produces non-descript error messages when decrypting user-supplied data.  Application responses also must not vary between different types of failure, such that an attacker cannot glean from the error that a padding exception has occurred.",
+              "references": [
                 "https://archiv.infsec.ethz.ch/education/fs08/secsem/Manger01.pdf",
                 "https://research.nccgroup.com/2021/02/17/cryptopals-exploiting-cbc-padding-oracles/",
                 "https://flast101.github.io/padding-oracle-attack-explained/"
-            ]
+              ]
             },
             {
-            "id": "timing_attack",
-            "remediation_advice": "A timing attack occurs when the amount of time the application takes to complete a cryptographic operation is related to the data provided by the user.  By making repeated attempts to decrypt attacker-controlled data, an attacker can use the information gleaned from this attack to derive the encryption key.  Ensure the application implements constant-time cryptographic algorithms, which always take the same amount of time to complete regardless of the input.",
-            "references": [
+              "id": "timing_attack",
+              "remediation_advice": "A timing attack occurs when the amount of time the application takes to complete a cryptographic operation is related to the data provided by the user.  By making repeated attempts to decrypt attacker-controlled data, an attacker can use the information gleaned from this attack to derive the encryption key.  Ensure the application implements constant-time cryptographic algorithms, which always take the same amount of time to complete regardless of the input.",
+              "references": [
                 "https://research.kudelskisecurity.com/2013/12/13/timing-attacks-part-1/",
                 "https://www.bearssl.org/constanttime.html",
                 "https://www.chosenplaintext.ca/articles/beginners-guide-constant-time-cryptography.html"
-            ]
+              ]
             },
             {
-            "id": "power_analysis_attack",
-            "remediation_advice": "Power analysis attacks are made possible when the power consumption of a system or individual circuit is dependent upon the outcome or state of specific steps of the cryptographic algorithm implementation.  Ensure the outcome of an individual step, or a group of steps, in a cryptographic algorithm implementation cannot be directly observed via the electrical state of any given circuit board trace or component.  Ensure power consumption of the system as a whole is decoupled from the state of cryptographic operations performed by the system through the use of power supply capacitance measures.",
-            "references": [
+              "id": "power_analysis_attack",
+              "remediation_advice": "Power analysis attacks are made possible when the power consumption of a system or individual circuit is dependent upon the outcome or state of specific steps of the cryptographic algorithm implementation.  Ensure the outcome of an individual step, or a group of steps, in a cryptographic algorithm implementation cannot be directly observed via the electrical state of any given circuit board trace or component.  Ensure power consumption of the system as a whole is decoupled from the state of cryptographic operations performed by the system through the use of power supply capacitance measures.",
+              "references": [
                 "https://www.proquest.com/openview/45733f2da135a88fba879f038db4d319/1?pq-origsite=gscholar&cbl=18750&diss=y",
                 "https://web.wpi.edu/Pubs/E-project/Available/E-project-122211-215512/unrestricted/Power_analysis.pdf",
                 "https://eprint.iacr.org/2014/204.pdf",
                 "https://ieeexplore.ieee.org/document/6730921"
-            ]
+              ]
             },
             {
-            "id": "emanations_attack",
-            "remediation_advice": "Emanations attacks are made possible when the outcome or state of specific steps of the cryptographic algorithm implementation result in changes to the electromagnetic emanations produced by the physical system on which the application is running.  Remediation of emanations leakage vulnerabilities is highly-dependent upon the application context but some general countermeasures are effective in most instances.  Ensure the application's implementation of each step of cryptographic algorithm processing results in uniform use of processor cycles, power, and features.  In some cases, this may involve the incorporation of less efficient code, in order to achieve a uniform emanations profile for all possible outcomes of each cryptographic step.  Additionally, incorporate EMF shielding into the physical device design to reduce detectable emanations from the device.",
-            "references": [
+              "id": "emanations_attack",
+              "remediation_advice": "Emanations attacks are made possible when the outcome or state of specific steps of the cryptographic algorithm implementation result in changes to the electromagnetic emanations produced by the physical system on which the application is running.  Remediation of emanations leakage vulnerabilities is highly-dependent upon the application context but some general countermeasures are effective in most instances.  Ensure the application's implementation of each step of cryptographic algorithm processing results in uniform use of processor cycles, power, and features.  In some cases, this may involve the incorporation of less efficient code, in order to achieve a uniform emanations profile for all possible outcomes of each cryptographic step.  Additionally, incorporate EMF shielding into the physical device design to reduce detectable emanations from the device.",
+              "references": [
                 "https://www.cs.tau.ac.il/~tromer/mobilesc/",
                 "https://www.cs.tau.ac.il/~tromer/ecdh/",
                 "https://eprint.iacr.org/2016/231.pdf",
                 "https://eprint.iacr.org/2016/129.pdf"
-            ]
+              ]
             },
             {
-            "id": "differential_fault_analysis",
-            "remediation_advice": "Differential fault analysis attacks are made possible when the outcome or state of specific steps of the cryptographic algorithm implementation can be gleaned by changes in the application's (or system's) response to specially-crafted fault conditions.  To prevent such attacks, applications and systems should always revert to a known and uniform state upon the occurrence of faults.  This may be achieved using a variety of methods, the effectiveness of which will vary depending upon context, such as uniform exception handling, restoration of a saved state, or system reset.",
-            "references": [
+              "id": "differential_fault_analysis",
+              "remediation_advice": "Differential fault analysis attacks are made possible when the outcome or state of specific steps of the cryptographic algorithm implementation can be gleaned by changes in the application's (or system's) response to specially-crafted fault conditions.  To prevent such attacks, applications and systems should always revert to a known and uniform state upon the occurrence of faults.  This may be achieved using a variety of methods, the effectiveness of which will vary depending upon context, such as uniform exception handling, restoration of a saved state, or system reset.",
+              "references": [
                 "https://link.springer.com/content/pdf/10.1007/BFb0052259.pdf?pdf=inline%20link",
                 "https://ieeexplore.ieee.org/document/6976633"
-            ]
+              ]
             }
-        ]
+          ]
         },
         {
-        "id": "use_of_expired_cryptographic_key_or_cert",
-        "remediation_advice": "This vulnerabily occurs when:\n\n (a). the application fails to verify the expiration date of a certificate provided by another entity has not passed;\n(b) the application fails to verify the certificate provided by another entity has not been revoked by the issuing authority; or\n(c). the application relies upon manual key management and does not provide a means of verifying the lifecycle of keys in use.  Ensure the application verifies the certificate produced by the opposite entity has not expired or been revoked, and provide the application user with sufficient information about how to proceed.  Ensure the application implements mechanisms to determine the lifecycle of manually-managed cryptographic keys and reject attempts to use expired keys.",
-        "references": [
-                "https://cwe.mitre.org/documents/sources/TheCLASPApplicationSecurityProcess.pdf"
-        ]
+          "id": "use_of_expired_cryptographic_key_or_cert",
+          "remediation_advice": "This vulnerabily occurs when:\n\n (a). the application fails to verify the expiration date of a certificate provided by another entity has not passed;\n(b) the application fails to verify the certificate provided by another entity has not been revoked by the issuing authority; or\n(c). the application relies upon manual key management and does not provide a means of verifying the lifecycle of keys in use.  Ensure the application verifies the certificate produced by the opposite entity has not expired or been revoked, and provide the application user with sufficient information about how to proceed.  Ensure the application implements mechanisms to determine the lifecycle of manually-managed cryptographic keys and reject attempts to use expired keys.",
+          "references": [
+            "https://cwe.mitre.org/documents/sources/TheCLASPApplicationSecurityProcess.pdf"
+          ]
         },
         {
-        "id": "incomplete_cleanup_of_keying_material",
-        "remediation_advice": "Ensure the application erases all non-volatile copies of sensitive cryptographic data in memory or other non-volatile storage when no longer needed by the application.  Ensure the application does not retain sensitive cryptographic data in memory longer than necessary by storing the data in protected volatile storage (e.g. TPM) and open/close handles to the data upon each new invocation of the cryptographic routine.",
-        "references": [
-                "https://documentation-service.arm.com/static/624af896b059dc5ff9a8fbda"
-        ]
-        }
-    ]
+          "id": "incomplete_cleanup_of_keying_material",
+          "remediation_advice": "Ensure the application erases all non-volatile copies of sensitive cryptographic data in memory or other non-volatile storage when no longer needed by the application.  Ensure the application does not retain sensitive cryptographic data in memory longer than necessary by storing the data in protected volatile storage (e.g. TPM) and open/close handles to the data upon each new invocation of the cryptographic routine.",
+          "references": [
+            "https://documentation-service.arm.com/static/624af896b059dc5ff9a8fbda"
+          ]
         }
-    ]
+      ]
     },
     {
-    "id": "broken_cryptography",
-    "children": [
-        {
-        "id": "use_of_broken_cryptographic_primitive",
-        "remediation_advice": "The use of broken, weak, or flawed cryptographic algorithms can allow an attacker to decrypt sensistive information.  Ensure the application makes use of only trustworthy cryprographic algorithms as indicated by relevant security standard(s) and regulation(s).",
-        "references": [
-                "https://codeql.github.com/codeql-query-help/java/java-weak-cryptographic-algorithm/",
-                "https://csrc.nist.gov/csrc/media/publications/fips/140/2/final/documents/fips1402annexa.pdf",
-                "https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf"
-        ]
+      "id": "broken_cryptography",
+      "children": [
+        {
+          "id": "use_of_broken_cryptographic_primitive",
+          "remediation_advice": "The use of broken, weak, or flawed cryptographic algorithms can allow an attacker to decrypt sensistive information.  Ensure the application makes use of only trustworthy cryprographic algorithms as indicated by relevant security standard(s) and regulation(s).",
+          "references": [
+            "https://codeql.github.com/codeql-query-help/java/java-weak-cryptographic-algorithm/",
+            "https://csrc.nist.gov/csrc/media/publications/fips/140/2/final/documents/fips1402annexa.pdf",
+            "https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-131Ar2.pdf"
+          ]
         },
         {
-        "id": "use_of_vulnerable_cryptographic_library",
-        "remediation_advice": "The identification, patching, and disclosure of vulnerabilities in third-party libraries, including cryptographic libraries, is a daily occurrence.  In some cases, cryptographic libraries are deemed 'broken' and deprecated.  Ensure the application is updated to include the latest secure version of all third-party cryptographic libraries and replace known 'broken' cryptographic libraries with secure alternatives.",
-        "references": [
-                "https://www.ubiqsecurity.com/bouncy-castle-and-the-impact-of-cryptographic-vulnerabilities/",
-                "https://blog.cryptographyengineering.com/2013/09/20/rsa-warns-developers-against-its-own/"
-        ]
-        }
-    ]
+          "id": "use_of_vulnerable_cryptographic_library",
+          "remediation_advice": "The identification, patching, and disclosure of vulnerabilities in third-party libraries, including cryptographic libraries, is a daily occurrence.  In some cases, cryptographic libraries are deemed 'broken' and deprecated.  Ensure the application is updated to include the latest secure version of all third-party cryptographic libraries and replace known 'broken' cryptographic libraries with secure alternatives.",
+          "references": [
+            "https://www.ubiqsecurity.com/bouncy-castle-and-the-impact-of-cryptographic-vulnerabilities/",
+            "https://blog.cryptographyengineering.com/2013/09/20/rsa-warns-developers-against-its-own/"
+          ]
         }
-    ]
+      ]
     },
     {
       "id": "privacy_concerns",
@@ -1538,9 +1508,7 @@
         {
           "id": "tapjacking",
           "remediation_advice": "Ensure that the setting filterTouchesWhenObscured is set to true, or that the method onFilterTouchEventForSecurity() is implemented in your app.",
-          "references": [
-            "https://blog.devknox.io/tapjacking-android-prevent/"
-          ]
+          "references": ["https://blog.devknox.io/tapjacking-android-prevent/"]
         },
         {
           "id": "clipboard_enabled",
@@ -1831,9 +1799,7 @@
             {
               "id": "sybil_attack",
               "remediation_advice": "Known approaches to Sybil attack prevention include identity validation, social trust graph algorithms, or economic costs, personhood validation, and application-specific defenses.",
-              "references": [
-                "https://en.wikipedia.org/wiki/Sybil_attack"
-              ]
+              "references": ["https://en.wikipedia.org/wiki/Sybil_attack"]
             }
           ]
         }
diff --git a/vulnerability-rating-taxonomy.json b/vulnerability-rating-taxonomy.json
index c40c8897..9281bab2 100644
--- a/vulnerability-rating-taxonomy.json
+++ b/vulnerability-rating-taxonomy.json
@@ -1232,71 +1232,71 @@
       "id": "broken_access_control",
       "name": "Broken Access Control (BAC)",
       "type": "category",
-      "children": [
-    {
-      "id": "idor",
-      "name": "Insecure Direct Object References (IDOR)",
-      "type": "category",
       "children": [
         {
-          "id": "read_edit_delete_non_sensitive_information",
-          "name": "Read/Edit/Delete Non-Sensitive Information",
-          "type": "subcategory",
-          "priority": 5
-        },
-       {
-          "id": "read_edit_delete_sensitive_information",
-          "name": "Read/Edit/Delete Sensitive Information",
-          "type": "subcategory",
+          "id": "idor",
+          "name": "Insecure Direct Object References (IDOR)",
+          "type": "category",
           "children": [
             {
-              "id": "complext_object_identifiers",
-              "name": "GUID/Complex Object Identifiers",
-              "type": "variant",
-              "priority": 4
-            }
-          ]
-        },
-       {
-          "id": "read_sensitive_information",
-          "name": "Read Sensitive Information",
-          "type": "subcategory",
-          "children": [
+              "id": "read_edit_delete_non_sensitive_information",
+              "name": "Read/Edit/Delete Non-Sensitive Information",
+              "type": "subcategory",
+              "priority": 5
+            },
             {
-              "id": "iterable_object_identifiers",
-              "name": "Iterable Object Identifiers",
-              "type": "variant",
-              "priority": 3
-            }
-          ]
-        },
-       {
-          "id": "edit_delete_sensitive_information",
-          "name": "Edit/Delete Sensitive Information",
-          "type": "subcategory",
-          "children": [
+              "id": "read_edit_delete_sensitive_information",
+              "name": "Read/Edit/Delete Sensitive Information",
+              "type": "subcategory",
+              "children": [
+                {
+                  "id": "complext_object_identifiers",
+                  "name": "GUID/Complex Object Identifiers",
+                  "type": "variant",
+                  "priority": 4
+                }
+              ]
+            },
             {
-              "id": "iterable_object_identifiers",
-              "name": "Iterable Object Identifiers",
-              "type": "variant",
-              "priority": 2
-            }
-          ]
-        },
-       {
-          "id": "edit_delete_sensitive_information",
-          "name": "Edit/Delete Sensitive Information",
-          "type": "subcategory",
-          "children": [
+              "id": "read_sensitive_information",
+              "name": "Read Sensitive Information",
+              "type": "subcategory",
+              "children": [
+                {
+                  "id": "iterable_object_identifiers",
+                  "name": "Iterable Object Identifiers",
+                  "type": "variant",
+                  "priority": 3
+                }
+              ]
+            },
             {
-              "id": "read_edit_delete_sensitive_information_pii",
-              "name": "Read/Edit/Delete Sensitive Information (PII)",
-              "type": "variant",
-              "priority": 1
+              "id": "edit_delete_sensitive_information",
+              "name": "Edit/Delete Sensitive Information",
+              "type": "subcategory",
+              "children": [
+                {
+                  "id": "iterable_object_identifiers",
+                  "name": "Iterable Object Identifiers",
+                  "type": "variant",
+                  "priority": 2
+                }
+              ]
+            },
+            {
+              "id": "edit_delete_sensitive_information",
+              "name": "Edit/Delete Sensitive Information",
+              "type": "subcategory",
+              "children": [
+                {
+                  "id": "read_edit_delete_sensitive_information_pii",
+                  "name": "Read/Edit/Delete Sensitive Information (PII)",
+                  "type": "variant",
+                  "priority": 1
+                }
+              ]
             }
           ]
-        }
-         ]
         },
         {
           "id": "username_enumeration",
@@ -1853,254 +1853,254 @@
         }
       ]
     },
+    {
+      "id": "cryptographic_weakness",
+      "name": "Cryptographic Weakness",
+      "type": "category",
+      "children": [
         {
-    "id": "cryptographic_weakness",
-    "name": "Cryptographic Weakness",
-    "type": "category",
-    "children": [
-        {
-        "id": "insufficient_entropy",
-        "name": "Insufficient Entropy",
-        "type": "subcategory",
-        "children": [
+          "id": "insufficient_entropy",
+          "name": "Insufficient Entropy",
+          "type": "subcategory",
+          "children": [
             {
-            "id": "limited_rng_entropy_source",
-            "name": "Limited Random Number Generator (RNG) Entropy Source",
-            "type": "variant",
-            "priority": 4
+              "id": "limited_rng_entropy_source",
+              "name": "Limited Random Number Generator (RNG) Entropy Source",
+              "type": "variant",
+              "priority": 4
             },
-        {
-            "id": "use_of_trng_for_nonsecurity_purpose",
-            "name": "Use of True Random Number Generator (TRNG) for Non-Security Purpose",
-            "type": "variant",
-            "priority": 5
-        },
-        {
-            "id": "prng_seed_reuse",
-            "name": "Pseudo-Random Number Generator (PRNG) Seed Reuse",
-            "type": "variant",
-            "priority": 5
-        },
-        {
-            "id": "predictable_prng_seed",
-            "name": "Predictable Pseudo-Random Number Generator (PRNG) Seed",
-            "type": "variant",
-            "priority": 4
-        },
-        {
-            "id": "small_seed_space_in_prng",
-            "name": "Small Seed Space in Pseudo-Random Number Generator (PRNG)",
-            "type": "variant",
-            "priority": 4
-        },
-        {
-            "id": "initialization_vector_reuse",
-            "name": "Initialization Vector (IV) Reuse",
-            "type": "variant",
-            "priority": 5
-        },
-        {
-            "id": "predictable_initialization_vector",
-            "name": "Predictable Initialization Vector (IV)",
-            "type": "variant",
-            "priority": 4
-        }
-        ]
+            {
+              "id": "use_of_trng_for_nonsecurity_purpose",
+              "name": "Use of True Random Number Generator (TRNG) for Non-Security Purpose",
+              "type": "variant",
+              "priority": 5
+            },
+            {
+              "id": "prng_seed_reuse",
+              "name": "Pseudo-Random Number Generator (PRNG) Seed Reuse",
+              "type": "variant",
+              "priority": 5
+            },
+            {
+              "id": "predictable_prng_seed",
+              "name": "Predictable Pseudo-Random Number Generator (PRNG) Seed",
+              "type": "variant",
+              "priority": 4
+            },
+            {
+              "id": "small_seed_space_in_prng",
+              "name": "Small Seed Space in Pseudo-Random Number Generator (PRNG)",
+              "type": "variant",
+              "priority": 4
+            },
+            {
+              "id": "initialization_vector_reuse",
+              "name": "Initialization Vector (IV) Reuse",
+              "type": "variant",
+              "priority": 5
+            },
+            {
+              "id": "predictable_initialization_vector",
+              "name": "Predictable Initialization Vector (IV)",
+              "type": "variant",
+              "priority": 4
+            }
+          ]
         },
         {
-        "id": "insecure_implementation",
-        "name": "Insecure Implementation",
-        "type": "subcategory",
-        "children": [
+          "id": "insecure_implementation",
+          "name": "Insecure Implementation",
+          "type": "subcategory",
+          "children": [
             {
-            "id": "missing_cryptographic_step",
-            "name": "Missing Cryptographic Step",
-            "type": "variant",
-            "priority": null
+              "id": "missing_cryptographic_step",
+              "name": "Missing Cryptographic Step",
+              "type": "variant",
+              "priority": null
             },
             {
-            "id": "improper_following_of_specification",
-            "name": "Improper Following of Specification (Other)",
-            "type": "variant",
-            "priority": null
+              "id": "improper_following_of_specification",
+              "name": "Improper Following of Specification (Other)",
+              "type": "variant",
+              "priority": null
             }
-        ]
+          ]
         },
         {
-        "id": "weak_hash",
-        "name": "Weak Hash",
-        "type": "subcategory",
-        "children": [
+          "id": "weak_hash",
+          "name": "Weak Hash",
+          "type": "subcategory",
+          "children": [
             {
-            "id": "lack_of_salt",
-            "name": "Lack of Salt",
-            "type": "variant",
-            "priority": null
+              "id": "lack_of_salt",
+              "name": "Lack of Salt",
+              "type": "variant",
+              "priority": null
             },
             {
-            "id": "use_of_predictable_salt",
-            "name": "Use of Predictable Salt",
-            "type": "variant",
-            "priority": 5
+              "id": "use_of_predictable_salt",
+              "name": "Use of Predictable Salt",
+              "type": "variant",
+              "priority": 5
             },
             {
-            "id": "predictable_hash_collision",
-            "name": "Predictable Hash Collision",
-            "type": "variant",
-            "priority": null
+              "id": "predictable_hash_collision",
+              "name": "Predictable Hash Collision",
+              "type": "variant",
+              "priority": null
             }
-        ]
+          ]
         },
         {
-        "id": "insufficient_verification_of_data_authenticity",
-        "name": "Insufficient Verification of Data Authenticity",
-        "type": "subcategory",
-        "children": [
+          "id": "insufficient_verification_of_data_authenticity",
+          "name": "Insufficient Verification of Data Authenticity",
+          "type": "subcategory",
+          "children": [
             {
-            "id": "identity_check_value",
-            "name": "Integrity Check Value (ICV)",
-            "type": "variant",
-            "priority": 4
+              "id": "identity_check_value",
+              "name": "Integrity Check Value (ICV)",
+              "type": "variant",
+              "priority": 4
             },
             {
-            "id": "cryptographic_signature",
-            "name": "Cryptographic Signature",
-            "type": "variant",
-            "priority": null
+              "id": "cryptographic_signature",
+              "name": "Cryptographic Signature",
+              "type": "variant",
+              "priority": null
             }
-        ]
+          ]
         },
         {
-        "id": "insecure_key_generation",
-        "name": "Insecure Key Generation",
-        "type": "subcategory",
-        "children": [
+          "id": "insecure_key_generation",
+          "name": "Insecure Key Generation",
+          "type": "subcategory",
+          "children": [
             {
-            "id": "improper_asymmetric_prime_selection",
-            "name": "Improper Asymmetric Prime Selection",
-            "type": "variant",
-            "priority": null
+              "id": "improper_asymmetric_prime_selection",
+              "name": "Improper Asymmetric Prime Selection",
+              "type": "variant",
+              "priority": null
             },
             {
-            "id": "improper_asymmetric_exponent_selection",
-            "name": "Improper Asymmetric Exponent Selection",
-            "type": "variant",
-            "priority": null
+              "id": "improper_asymmetric_exponent_selection",
+              "name": "Improper Asymmetric Exponent Selection",
+              "type": "variant",
+              "priority": null
             },
             {
-            "id": "insufficient_key_stretching",
-            "name": "Insufficient Key Stretching",
-            "type": "variant",
-            "priority": null
+              "id": "insufficient_key_stretching",
+              "name": "Insufficient Key Stretching",
+              "type": "variant",
+              "priority": null
             },
-        {
-            "id": "insufficient_key_space",
-            "name": "Insufficient Key Space",
-            "type": "variant",
-            "priority": 3
-        },
-        {
-            "id": "key_exchange_without_entity_authentication",
-            "name": "Key Exchage Without Entity Authentication",
-            "type": "variant",
-            "priority": 4
-        }
-        ]
-        },
-        {
-        "id": "key_reuse",
-        "name": "Key Reuse",
-        "type": "subcategory",
-        "children": [
             {
-            "id": "lack_of_perfect_forward_secrecy",
-            "name": "Lack of Perfect Forward Secrecy",
-            "type": "variant",
-            "priority": 4
-        },
-        {
-            "id": "intra-environment",
-            "name": "Intra-Environment",
-            "type": "variant",
-            "priority": 5
+              "id": "insufficient_key_space",
+              "name": "Insufficient Key Space",
+              "type": "variant",
+              "priority": 3
+            },
+            {
+              "id": "key_exchange_without_entity_authentication",
+              "name": "Key Exchage Without Entity Authentication",
+              "type": "variant",
+              "priority": 4
+            }
+          ]
         },
         {
-            "id": "inter-environment",
-            "name": "Inter-Environment",
-            "type": "variant",
-            "priority": 2
-        }
-        ]
+          "id": "key_reuse",
+          "name": "Key Reuse",
+          "type": "subcategory",
+          "children": [
+            {
+              "id": "lack_of_perfect_forward_secrecy",
+              "name": "Lack of Perfect Forward Secrecy",
+              "type": "variant",
+              "priority": 4
+            },
+            {
+              "id": "intra-environment",
+              "name": "Intra-Environment",
+              "type": "variant",
+              "priority": 5
+            },
+            {
+              "id": "inter-environment",
+              "name": "Inter-Environment",
+              "type": "variant",
+              "priority": 2
+            }
+          ]
         },
         {
-        "id": "side-channel_attack",
-        "name": "Side-Channel Attack",
-        "type": "subcategory",
-        "children": [
+          "id": "side-channel_attack",
+          "name": "Side-Channel Attack",
+          "type": "subcategory",
+          "children": [
             {
-            "id": "padding_oracle_attack",
-            "name": "Padding Oracle Attack",
-            "type": "variant",
-            "priority": 4
+              "id": "padding_oracle_attack",
+              "name": "Padding Oracle Attack",
+              "type": "variant",
+              "priority": 4
             },
             {
-            "id": "timing_attack",
-            "name": "Timing Attack",
-            "type": "variant",
-            "priority": 4
+              "id": "timing_attack",
+              "name": "Timing Attack",
+              "type": "variant",
+              "priority": 4
             },
             {
-            "id": "power_analysis_attack",
-            "name": "Power Analysis Attack",
-            "type": "variant",
-            "priority": 5
+              "id": "power_analysis_attack",
+              "name": "Power Analysis Attack",
+              "type": "variant",
+              "priority": 5
             },
             {
-            "id": "emanations_attack",
-            "name": "Emanations Attack",
-            "type": "variant",
-            "priority": 5
+              "id": "emanations_attack",
+              "name": "Emanations Attack",
+              "type": "variant",
+              "priority": 5
             },
             {
-            "id": "differential_fault_analysis",
-            "name": "Differential Fault Analysis",
-            "type": "variant",
-            "priority": null
+              "id": "differential_fault_analysis",
+              "name": "Differential Fault Analysis",
+              "type": "variant",
+              "priority": null
             }
-        ]
+          ]
         },
         {
-        "id": "use_of_expired_cryptographic_key_or_cert",
-        "name": "Use of Expired Cryptographic Key (or Certificate)",
-        "type": "subcategory",
-        "priority": 4
+          "id": "use_of_expired_cryptographic_key_or_cert",
+          "name": "Use of Expired Cryptographic Key (or Certificate)",
+          "type": "subcategory",
+          "priority": 4
         },
         {
-        "id": "incomplete_cleanup_of_keying_material",
-        "name": "Incomplete Cleanup of Keying Material",
-        "type": "subcategory",
-        "priority": 5
+          "id": "incomplete_cleanup_of_keying_material",
+          "name": "Incomplete Cleanup of Keying Material",
+          "type": "subcategory",
+          "priority": 5
         }
-    ]
+      ]
     },
     {
-    "id": "broken_cryptography",
-    "name": "Broken Cryptography",
-    "type": "category",
-    "children": [
+      "id": "broken_cryptography",
+      "name": "Broken Cryptography",
+      "type": "category",
+      "children": [
         {
-        "id": "use_of_broken_cryptographic_primitive",
-        "name": "Use of Broken Cryptographic Primitive",
-        "type": "subcategory",
-        "priority": 3
+          "id": "use_of_broken_cryptographic_primitive",
+          "name": "Use of Broken Cryptographic Primitive",
+          "type": "subcategory",
+          "priority": 3
         },
         {
-        "id": "use_of_vulnerable_cryptographic_library",
-        "name": "Use of Vulnerable Cryptographic Library",
-        "type": "subcategory",
-        "priority": 4
+          "id": "use_of_vulnerable_cryptographic_library",
+          "name": "Use of Vulnerable Cryptographic Library",
+          "type": "subcategory",
+          "priority": 4
         }
-    ]
+      ]
     },
     {
       "id": "privacy_concerns",