Coming into a code base can be overwhelming. Taking responsibility for the security of a project can be truly terrifying. This talk will describe a set of common scenarios for a project, and how to counteract them. Hopefully, this will help to move your codebase and project to a state where you will be more prepared to handle incoming vulnerability reports. They are down-to-earth everyday scenarios, illustrated by real world software projects and security incidents. Some of the stories are well known, some are anonymized to protect the innocent.