How do you handle a situation where a partner's engineering team is resistant to adopting security best practices?