Evidence: 2025 Year in Review

2025 was the year Evidence moved from an idea to a movement. What started as a frustration shared by practitioners has grown into a company, a product, and a community all centered on one belief: vulnerability management should be driven by evidence, not volume. As we look back on our first year, we want to share what we built, what we learned, and where we are heading next.
‍

Reaching the Community
‍

We announced Evidence in July 2025, just ahead of Black Hat, and the timing could not have been better. The conversations that followed made it clear that people were ready for a different approach to vulnerability management. Since then, Jeremiah and Robert have continued that dialogue through keynotes, podcasts, and webinars, helping bring evidence-based prioritization into broader industry conversations and pressure-testing our ideas with practitioners.
‍

On social media, we focused on being present, transparent, and willing to ask the hard questions. The discussions that unfolded in the comments became an unexpected source of insight. Practitioners shared real-life experiences, pushed back against industry norms, and helped refine how we talk about risk. We shared what we were learning in real time, and the community responded with perspectives that shaped our thinking.
‍

Learning From Partners
‍

One of the most meaningful parts of Evidence’s journey this year has been the Design Partner program. From day one, our goal was to work directly with practitioners who live the realities of vulnerability management. Early conversations with security leaders, insurers, and incident responders shaped not only our product direction but also our understanding of where traditional approaches fall short and where evidence can create real impact.
‍

Since the program launched in September, more than twenty organizations have joined us across a wide range of industries. Several have already participated in proofs of concept that validated our approach, confirming that focusing on vulnerabilities tied to real breaches and financial losses resonates. Their feedback has sharpened what we scan for and how results need to be presented so they are actionable, credible, and defensible to both technical and business stakeholders.
‍

What has stood out most is how aligned our partners are around evidence-based prioritization. Many have emphasized that vulnerability management requires narrative as much as numbers, especially when communicating risk to executives. In response, we are building storytelling and reporting features directly into the product. Partners have also pushed us to support custom vulnerability sets tailored to specific threat models and regulatory pressures, which is shaping how we think about flexibility in the platform.
‍

This collaboration is now taking shape in a product that delivers real-world results. The Design Partner community has become united by the goal of reducing risk in ways that actually scale. Their insight continues to influence what we build and why it matters, and we are deeply grateful for their partnership as we move into the next phase of design.
‍

Delivering Real Results
‍

All of this work converged in 2025 as we translated partner insight into a real, working product. We moved quickly from research to prototypes, validating them in real environments and iterating based on what proved valuable. The result is a product built around evidence, clarity, and measurable impact rather than guesswork or noise.
‍

We are incredibly excited about where this is heading. The foundation is strong, the value is clear, and we are preparing for a major announcement in Q1 that will mark the next phase of Evidence’s evolution.
‍

‍