Update ratings descriptions in schema files for clarity on VEX usage

schema/bom-1.6.schema.json

@@ -2681,7 +2681,7 @@
         "ratings": {
           "type": "array",
           "title": "Ratings",
-          "description": "List of vulnerability ratings",
+          "description": "List of vulnerability ratings. In VEX, consumers SHOULD use ratings with analysis.state and SHOULD NOT ignore them; source ratings may differ and aid prioritization.",
           "items": {
             "$ref": "#/definitions/rating"
           }

schema/bom-1.7.schema.json

@@ -2841,7 +2841,7 @@
         "ratings": {
           "type": "array",
           "title": "Ratings",
-          "description": "List of vulnerability ratings",
+          "description": "List of vulnerability ratings. In VEX, consumers SHOULD use ratings with analysis.state and SHOULD NOT ignore them; source ratings may differ and aid prioritization.",
           "items": {
             "$ref": "#/definitions/rating"
           }

schema/ext/vulnerability-1.0-SNAPSHOT.schema.json

@@ -146,7 +146,7 @@
         "ratings": {
           "type": "array",
           "title": "Ratings",
-          "description": "List of the vulnerability ratings as defined by various risk rating methodologies.",
+          "description": "List of vulnerability ratings. In VEX, consumers SHOULD use ratings with analysis.state and SHOULD NOT ignore them; source ratings may differ and aid prioritization.",
           "items": {"$ref": "#/definitions/rating"}
         },
         "cwes": {