Most vulnerability management workflows begin and end with a CVSS score (Common Vulnerability Scoring System). But a score without context is just a number, and under NIS2, that's no longer enough. This session takes a single real-world vulnerability and examines it through five different frameworks, each one shifting the priority in a different direction. You'll leave with a clearer picture of what defensible prioritization actually looks like, and an honest view of what it takes to sustain it.