Getting developers to take security findings seriously can feel like an uphill battle. Security can be seen as an outside function that is separate from engineering, and somebody else’s problem. Reported findings are frequently dismissed or ignored.Using the framework of social engineering, we’ll discuss techniques and strategies for bringing developers to the conclusion that they should fix their security bugs. From pretexts to recon, to recognizing people as emotional state machines, the tools of social engineering are usually used as part of the testing phase in security. In this talk we’ll cover how to bring developers over to your side and understand why security findings matter to them.