A team I used to work with closely had a process where if a development team didn't think an issue was important enough to fix and release the security team was encouraged to find other buyers for the vuln. It was actually a pretty great way to both keep people on the same page and keep your security folks tethered to reality.