Reporting Security Vulnerabilities to Developers

Curious on how most developers/engineers receive reported security issues in their code, service or infrastructure today? What you do and dont like about the process? What would be ideal view of seeing such submissions?

For security teams what are some pain points of being able to submit security related bugs to developers. What would be your ideal way to communicate to developers?