Conjoint vulnerability identifiers are determined for a vulnerability, and priorities are determined for the conjoint vulnerability identifiers. A highest priority conjoint vulnerability identifier is selected. An entry in a vulnerability cross reference table is created that associates the highest priority conjoint vulnerability identifier with a lower priority conjoint vulnerability identifier.