This phase serves to walkthrough the findings and answer any additional questions the client may have.
The Close-out call will have all relevant stakeholders including the security review team, core team, and key members from the client. From this close-out call, all parties should come away with a clear understanding of what occurred during the security review period and the vulnerabilities identified by the security researchers.
All expectations and deliverables initially communicated during the kick-off should now be met and closed out. Additionally, clear and actionable next steps should be established moving into the remediation of the vulnerabilities identified as the engagement moves into the Fix Period stage of the review process.
A draft report will be provided for internal usage of the security review containing all valid issues as well prior to the close-out call and after completion of the security review period.
Note: If after 1 week of receiving the report the client does not provide any comments or concerns raised, the client acknowledges the report is complete and the report will be considered final.