We’ve all seen it. Perhaps some of us have done it. Pentest report comes in. Meeting is convened. Discussion is had. Devs head back to the cubes. And the report vanishes into the dev lead’s desk, never to be seen again. Lather rinse and repeat next year. In these forty-five minutes, Bill will give your the basics of how to talk to your dev staff. Twenty-three years of development experience - ten of it as a security specialist - will get laid on the table. We’ll cover turning vulns into defects, showing devs how to fix the vulns rather than just showing them off, the lies of severity, and building bridges rather than burning them. Bring your drink of choice - some of this will be rough, but we all need to hear it.