Sensitive service/login panel/file disclosure context-based entry classification and prioritization

The VRT includes a number of intentionally-limited entries designated as varies due to both the technical and policy-based context necessary to prioritize. I believe we have an opportunity to clarify several similar issue categories to encourage thoughtful conversations about risk, design, and incentivization outcome. Related to yet distinct from HTTP risk/reports (see: #180) we have additional work to do here.

The categories include but are not limited to:

• FTP / Sensitive Service usage
• Potentially-sensitive resource exposure
  • Login panels
  • Diagnostic/status pages (Apache modules, phpinfo(), etc.)
  • Webserver root directory files

I propose we create appropriate high-level categories to classify these issues as varies for the following benefits:

• Consistent classification across all bug bounty programs utilizing the VRT
• Consistent outcome expectation setting, as pertains to priority, acceptance, and necessary risk discussion
• Positive impact to the Bugcrowd platform kudos economy related to and dependent upon VRT, e.g. kudos-only program balance, open scope programs, platform-wide incentivization mechanics (leaderboard)

Issue #136 raised this concept for FTP alone and I believe that due to the above, combined with hard data observations, we should revisit this topic for the benefit of VRT in clarity but also the platform itself.