Security evidence for IT systems - An initial study on evidential argumentation for systematic security

Authors:

  • Daniel Eidenskog
  • Christian Vestlund

Publish date: 2024-12-06

Report number: FOI-R--5686--SE

Pages: 40

Written in: Swedish

Keywords:

  • IT security
  • cybersecurity
  • accreditation
  • evidence
  • testing

Abstract

Assurance evidence consists of various artefacts that reflect security properties of an IT system, often at a fairly detailed level. Evidence is valued and aggregated into an argument that demonstrates that the IT system fulfils the security requirements imposed on it. This study investigates how different methods and standards in cyber security and functional safety use evidence to demonstrate that security or safety requirements are met. Evidence is an important basis for assurance, the state in which enough trust in the IT system, its developers, and its suppliers has been attained to permit use in security-critical applications. Evidence consists of tangible and traceable artefacts that are produced through a wide spectrum of methods, such as design walkthroughs, code reviews, tests, and formal methods. The processes and standards examined in this study recommend various evidence methods but describe them only superficially, which leaves ample room for interpretation. Valuation and aggregation are described only in general terms, which adds to the vagueness. There is a considerable research gap within security evidence, spanning all areas from security goals to detailed evidence methods. Valuation and aggregation appear to be especially unexplored, and there is also a need for further research to develop and improve the evidence methods themselves.