Dragos Vulnerability Management is a component of the Dragos Platform designed for operational technology environments. The product provides vulnerability management capabilities tailored to industrial control systems and OT networks. The system identifies and catalogs vulnerabilities across hardware, software, and operating systems within OT environments. It links vulnerabilities directly to assets in the inventory to provide context. The platform applies OT-corrected CVSS scores rather than generic IT vulnerability scoring to reflect industrial system realities. The product uses a "Now, Next, Never" prioritization framework to categorize vulnerabilities based on urgency and operational impact. This approach aims to help security teams focus on the 3-6% of vulnerabilities that require immediate attention while identifying which can be deferred or monitored. Remediation guidance is provided with consideration for operational constraints. Recommendations may include patching when safe, or alternative controls such as network segmentation, access controls, or configuration changes when patching would disrupt operations. The platform receives weekly Knowledge Packs that deliver updated CVE data, OT-specific vulnerability scoring, and detection capabilities. These updates are reviewed by Dragos vulnerability researchers and threat intelligence analysts before distribution. The system is designed to address challenges specific to OT environments including zero downtime requirements, legacy equipment, and safety considerations that differentiate industrial systems from traditional IT infrastructure.