When the customer 'accepts the risk' of a critical SQL Injection finding