Your security testers are sad.
You brought them in under NDA, gave them a copy of the code and access to a test environment, and let them loose to do a penetration test. A week later they came back to you with a report of vulnerabilities they found. They listed each bug and how to recreate it, what the impact could be, and how likely it is to be exploited.