Your external security consultant has just sent you the vulnerability report from the last test you ordered.
What should you do with all those findings, and how do you communicate them successfully to the parties concerned?
What could go wrong, and why?
If you are part of a young security team and struggle to communicate security issues to your software development team, I highly recommend the SANS reading “How to Win Friends and Remediate Vulnerabilities” by Chad Butler.
The whitepaper discusses the main challenges a security team usually faces while establishing a vulnerability management process. The author is a proponent of the positive communication approach, which I personally fully support.
While reading, I made some mind maps that may help visualise certain points of the article. You can find them attached below.