Whether a vulnerability has been found internally, by a white-hat hacker reporting responsibly, or, heaven forbid, by a threat actor hell-bent on wreaking havoc within your environment, there are core lessons to take away from each engagement. Working backwards, from end to beginning, can you pinpoint the moment at which your business process created the space for that vulnerability to exist? What needs to change in those business processes to prevent recurrence?
By turning that review into a circular process of learning, the aim is to reduce the number of post-incident reviews that need to take place at all, by reducing the likelihood that a vulnerability makes it into production in the first place.
This talk will walk through the lifecycle of a vulnerability report and give a step-by-step guide to the fundamental considerations that internal security teams should review, so that as much information as possible is extracted from each issue. The result is safer, more secure products that save organizations money by reducing the number of emergency responses.