Most vulnerability reports contain a field describing severity of a finding; we can use it to set the severity of the issue if its name matches the risk names defined for Purify.