In the following diagram, we see that the information security teams are providing multiple reports to the customer. The customer is responsible for mitigating the risk through their own processes:

These are the main highlights from this phase:

• This would be what I consider data overload, where the customer has so many things on their plate that they simply give up
• This is a one-way street or a radio that broadcasts to anyone who is listening
• There is a lack of interaction between information security teams
• There is no accountability for fixes