Comment by 1dontnkow_

Quite true! These last years Ive been working at these companies where we have security audits from this very non-tech people, who have no idea what actually a CVEs is besides the "Severity" level.

Way early in my career the "Security auditors" were the cyber security experts that programmed since they were children and actually read and tested the code.