I have been approached by few security professionals about the problem they encounter in getting software developers to fix the vulnerabilities that is detected in the application.

Let us accept the fact that developers are mostly busy focusing their time and effort on the functionality of application. Most of the time the software development manager gets away by using the busy excuse. One approach that I suggest you could  is to rank the vulnerabilities based on "severity" (how bad if the vulnerability is exploited) and "threat" (how likely the vulnerability exploit is) and communicate this list to the software development team. Give the software development manager time to fix the vulnerabilities - usually the time that the software development manager thinks that is acceptable.

If the vulnerabilities are not acted up on despite of your first meeting, then try this route: require the software development manager and the business owner of the application to sign a business risk acceptance form. The risk acceptance form could be as simple as a word document with a list of high severity/threat vulnerabilities and a narrative that states that signatories of the form acknowledge the existence of vulnerabilities (that you communicated) and have accepted the risk (posed by the vulnerabilities) for a time period specified in the form. This way as a security professional you are covered that you did your job in communicating the security risk to the stakeholders. Now that they have signed on the form if something bad  event happens the accountability of the event is outside of you.

You may find out that, business risk acceptance form is a good tool to motivate software development manager - would mobilize resources to act on vulnerabilities rather than sign the business risk acceptance form .