Why we invested in Root Evidence

By Roger Thornton, Co-founder & General Partner of Ballistic Ventures

At Ballistic Ventures, we believe the biggest opportunities in cybersecurity arise when experienced founders rethink old problems in large markets with bold new approaches. That’s exactly what co-founders Jeremiah Grossman (CEO), Robert “RSnake” Hansen (CTO), Heather Konold (COO) and Lex Arquette (CPO) are doing. It’s also why we jumped at the chance to invest in their new company, Root Evidence.

A broken status quo

Vulnerability management has been a foundational part of cybersecurity for decades. But let’s be honest: it’s broken. Today, security teams are buried under vulnerability data. There are now approximately 300,000 known vulnerabilities in the CVE database, and that number grows by the hour. Just managing these can be a nightmare, and it is all but impossible for any business to address them all. (I saw this challenge first-hand with Kenna Security, where we built a successful business simply by helping companies prioritize these findings.)

Every scanner, tool, and platform spits out endless lists of “critical” issues. However, only a tiny fraction (less than 1%) are ever seen being exploited in the wild. The result? Teams are overwhelmed. Patching is reactive. Signal is lost in noise. And true risk often hides in plain sight. 

Betting on the builders who know what they’re up against

Jeremiah and Robert need no introductions in the cybersecurity world. But, in short, Jeremiah founded WhiteHat Security and Bit Discovery, served as Chief of Security Strategy at SentinelOne, and helped shape the web application security and attack surface management spaces as we know them. Robert, or “RSnake,” is a legendary figure in cybersecurity, a highly respected hacker, researcher, and entrepreneur.

Together, they’ve spent the better part of two decades living the pain of vulnerability management: building tools, discovering flaws, analyzing threats, and helping security teams stay afloat in the face of overwhelming data. With Root Evidence, they’re not adding another scanner to the pile; they’re flipping the model.

Root Evidence offers evidence-based security that actually works

Root Evidence is built on a simple but powerful idea: focus on the vulnerabilities that are actually being exploited and are resulting in financial loss – ignore the ones that aren’t.

That sounds obvious, but most of the industry still treats every theoretical CVE as an equally urgent fire drill. Root Evidence combines exploit intelligence, behavioral data, and practical context to help security teams make better decisions, fast. Picture this:

  • Fewer alerts, more action.
  • Prioritized remediation based on real-world threat activity.
  • Faster time to resolution, without burning out your team.

It’s not just a new product. It’s a new operating system for vulnerability management, one that starts with evidence, not assumptions. 

Why it matters

Every security leader I talk to says the same thing: “We know what’s broken. We just need something that works.”

Root Evidence is just that. It works because it’s based on what’s real: real exploits, real environments, and real-world constraints. It’s built by people who have lived the pain. And it’s focused on helping defenders win.

We’re thrilled to be on this journey with Jeremiah, Robert, Heather, Lex, and the entire Root Evidence team. This is the future of vulnerability management – and we can’t wait to see what’s ahead for this company.


For more on Root Evidence, visit rootevidence.com.