Knowing you have vulnerabilities is not the same as knowing what to do about them. For large industrial environments, raw vulnerability counts in the tens of thousands are not actionable - they are paralyzing. The real challenge is building a passive, automated process that maps vulnerabilities to specific assets, accounts for production context and drives prioritized remediation that OT teams can actually execute.

Ricardo Hormann shares how the Volkswagen Group built an in-house vulnerability management platform across 13 car-producing brands - moving from static asset inventories to a dynamic, exposure-based prioritization model.

This session will cover:

• How passive asset-vulnerability matching works without scanning production devices;
• Why data harmonization across source systems is foundational before prioritization begins;
• How an exposure-based decision framework separates urgent action from acceptable risk.