Skip to content
TL;DR - Most OT pen test findings are legitimate. The recommendations that follow them are often not. - CVSS base scores are meaningless in OT without environmental context. They do not account for physical isolation, network architecture, or scale. A vulnerability on one device in a locked room is not the same as the same vulnerability on 400 devices spread across a county, but CVSS will score th...