There is currently a lack of semantic clarity with regards to Vulnerability, Weakness and Configuration within Exploit Targets. It is the current semantic intent that each of these are separate types of Exploit Targets and a single Exploit Target instance would not include more than one of them.

Suggest breaking out Vulnerability, Weakness and Configuration into separate IDable types derived from a common Exploit Target type.