[wwwwwwwwww]

The dev team is very territorial about their code. They're virtually in a separate business unit - I don't even have read access to the source code.

To make things worse, the dev lead's boss always defers to his team's knowledge about the issues, so getting certain security issues fixed can require getting upper management involved.

[Arizhel]

The way I see it, as long as you do your job to notify them of security problems with their code, then the ball is in their court and it's out of your hands. If they choose to ignore it, and it ends up being a disaster, it's their fault as long as you can show you did your job in notifying them properly.

[toomuchtodo]

Enjoy dat paycheck. You're earning it.