Ever asked your EDR vendor for an SBOM or source code access? A recent study did it for 14 of them.
Most security teams evaluate EDR-EPP based on detection rates and remediation features. But what about transparency? What data actually leaves your network? Can you review the code? Do you control updates?
AV-Comparatives (commissioned by the Austrian Economic Chambers) looked at 14 leading cybersecurity vendors - including CrowdStrike, Microsoft, SentinelOne, Trellix, Kaspersky, Cisco, and others - on criteria that rarely make it into product brochures:
Ability to review source code
SBOM (Software Bill of Materials) availability
Telemetry control and opt-out options
Staged update rollouts
On-prem reputation services
Data residency and legal compliance
The results are uneven. Only 3 vendors allow enterprise customers to review source code. Only a handful provide SBOMs. Just 8 out of 14 offer staged updates - which matters a lot after the CrowdStrike incident.
The full report (including a breakdown by vendor) is available through AV-Comparatives. Link in the first comment if anyone wants to dig through the methodology.


























