Interesting. That's actually where we started. We were doing automated research on vendors from a TPRM perspective and looking for data points around organizational security / reputation. Examples - if the company had been hacked before / how they responded, do they have a CISO, nth party vendors, are they SOC2 / FedRAMP certified, etc. Basically, predictors of risk / stability.

We realized the underlying business graph was the bottleneck though, so that's been our focus for some time. With that in place, we're now coming full circle on the risk research standpoint.

On your comment about confidence / liability, we're actually having conversations around that now and getting feedback. First step is exposing all the research and evidence directly to build trust, which is what we're doing now for the new corporate hierarchy system.