We kept asking why nobody had built this. So we built it.

Root Evidence is a vulnerability management company built by veterans of application security, offensive research, and cyber insurance.

We started Evidence because breaches kept happening on a knowable set of vulnerabilities while security teams worked through endless backlogs of theoretical risk.

0%

of CISOs fear losing their job after a breach.

Security breaches have a human cost.

We built Evidence because we knew the human stories behind the statistics. We knew people who worked tirelessly to reduce risk with every tool they had and still got breached. We knew others whose tenures were cut short because they couldn't translate their work into board-ready metrics.

We got tired of watching good people lose winnable fights.

CVEs that cause breaches are a knowable portion of the overall vuln list. Figuring out which ones meant digging into incident data like no other company in history.

We looked at DFIR reports, insurance claims, and post-mortems.

We found out that severity scores are a joke.

Some non-KEV vulns and "medium" severity vulns caused massive losses. Most "critical" vulns had never cost anyone anything.

The people behind Evidence.

Jeremiah Grossman

Chief Executive Officer

In 1999, Jeremiah broke into his own Yahoo Mail accounts out of curiosity, sent the method to the only Yahoo email address he could find, and spent two weeks trading bug reports with someone who turned out to be co-founder David Filo. Yahoo hired him. He went on to secure over 600 websites for more than a hundred million users, founded WhiteHat Security in 2001 with his wife and his high school friend (now Root Evidence co-founder) Lex Arquette, and helped build web application security into a discipline. After 15 years at WhiteHat, he served as Chief of Security Strategy at SentinelOne through its IPO, then co-founded Bit Discovery, which Tenable acquired for $44.5 million in 2022.

Through all of it, he kept seeing the same thing: security teams working through endless vulnerability backlogs, while breaches kept happening on a small, predictable set of CVEs.

He also kept saying something the industry didn't want to hear. Starting at Black Hat in 2014, he argued that security vendors should warranty their products, called the industry a "$75 billion garage sale" in 2016, and built warranty programs at both WhiteHat and SentinelOne. Nobody followed him. Root Evidence is the company where he stopped waiting for the industry to catch up.

Robert "RSnake" Hansen

Chief Technology Officer

Robert started at eBay, where he built the anti-fraud and anti-phishing systems later adopted into every major web browser. He went on to found SecTheory, where he pen-tested over 2,100 banks, credit card processors, flight control systems, and SCADA networks. His research lab at ha.ckers.org produced a third of all top-ranked web vulnerabilities at its peak. He is credited with discovering or formalizing attack techniques including Slowloris and Clickjacking, served as VP of Labs at WhiteHat Security, and co-founded Bit Discovery with Jeremiah.

At Root Evidence, Robert leads the engineering and detection work behind the FIRE list, the EASM architecture, and the data pipeline. His career has been spent finding the gaps that defenses miss. Root Evidence is what happens when that lens gets pointed at which gaps actually cost money.

Get in touch.

For demos, warranty quotes, partnerships, press, or anything else. We answer fast.

Contact us