Too Long; Didn't Read
Any time a pentest recipient raises a concern - any kind of concern, no matter how small it may seem - we consider that an escalation. For the pentest provider, these concerns should be treated with a high degree of urgency and with a perspective to learn from them, rather than to simply close them out. Most of these escalations can be avoided and resolved quickly by making sure both teams are well-aligned and in communication from the beginning. Findings are usually at the root of most escalations - whether it's too few or too many, not critical enough or too critical - the expectations each team has is different.