The SQL Server Management Studio became a standalone product that has a separate release cycle from the SQL Server itself. I think this is a good direction, as the SSMS can be developed now at a much faster pace and meet the demand for features more timely.
The report scans your database and detects any potential security issues you might have introduced. It is a useful addition to the tool belt of a DBA, but also developers, QA testing teams and DevOps teams can use it to ensure that they design, test and deploy safe databases.
The utility allows you also to save a baseline of your security data so that you can compare it with subsequent runs of the report to detect any anomalies that might have been introduced to the database by developers for example.
Here are two links that you can follow to learn more about the utility.
SQL Vulnerability Assessment article on Microsoft Docs site.
What's new in SSMS 17.4: SQL Vulnerability Assessment Technet blog post, with a Channel 9 video showing the utility in use.
Well worth having a look - you might be surprised by your database!