Evaluate If SoftwareProduct has Extraneous Attack Steps

[andrewbwm]

In the newer versions of the language SoftwareProduct is itself Information as such we have two associations, originSoftwareProduct and information, that try to mostly convey the same thing. Maybe we would like to merge into into just one and even combine some of the attack steps.. However, we should likely preserve as much of the compromise Applications nomenclature as possible to clearly indicate that it is triggers special compromises due to the Information's nature.