Added more explanation about the attributes

xml/templates/pentestreport/finding.xml

@@ -1,5 +1,19 @@
 <finding id="..." threatLevel="Moderate" type="Information Leak">
-  <!-- Note: threatLevel can be Low, Moderate, Elevated, High or Extreme; type is free text -->
+
+  <!--
+      id needs to be unique across the report, preferably identical to the filename
+      (without extension).
+
+      threatLevel can be Low, Moderate, Elevated, High or Extreme.
+
+      type is the root cause, written in Title Case.
+
+        Examples: Easily Guessable Credentials
+                  Lack Of Application Hardening
+                  Lack Of Webserver Hardening
+                  Missing Patch
+                  Network Design Flaw
+  -->
 
   <title>Title Case</title>