Now that the report is complete, it is also important that you suggest fixes and patches for the vulnerability that you found. You should demonstrate to the program owners that there are solutions for the flaws. For instance, your statement should never be about generically sanitizing the inputs. It should provide them with references and probable methods to reach the solution. Sometimes, the development team doesn't know how to warrant a fix to a vulnerability, and if you give them a great statement of a suggested fix, it will be highly appreciated by them.