Edison, Europe's oldest private utility company that has operations across multiple countries, faced the challenge of managing several vulnerabilities across diverse environments.

In this session, Giampaolo Tacchini, CISO at Edison, will discuss how Edison transformed from traditional CVSS scoring to a contextualized risk-based approach, incorporating attack vectors, exploitability status and asset criticality. He will share how their Vulnerability Operations Center (VOC) now collaborates with local CERTs to prioritize threats based on actual business impact rather than generic severity scores.