Optionally have overall CVSS score in severity

[djc]

severity is currently defined as

{
	"severity": [ {
		"type": string,
		"score": string
	} ]
}

I'm currently implementing support for showing RustSec advisories on crates.io, and we'd like to show the overall CVSS score on crates.io. We have a Rust cvss crate which calculates these, but so far we've been able to get by with doing this entirely in the frontend. I think it might be nice to allow severity objects to contain an optional overall key containing the numerical aggregate score matching the score vector.

Would a PR in this direction be accepted? Should the value take the form of a string or a number in JSON?

[jess-lowe]

My two cents here: because severity scores are something that can already be calculated from the larger string, I think we'd be hesitant to add it as a field (in the effort of avoiding redundancy).