Ever asked your EDR vendor for an SBOM or source code access? A recent study did it for 14 of them.

Most security teams evaluate EDR/EPP products on detection rates and remediation features. But what about transparency? What data actually leaves your network? Can you review the code? Do you control updates?

AV-Comparatives (commissioned by the Austrian Economic Chambers) looked at 14 leading cybersecurity vendors - including CrowdStrike, Microsoft, SentinelOne, Trellix, Kaspersky, Cisco, and others - on criteria that rarely make it into product brochures:

- Ability to review source code
- SBOM (Software Bill of Materials) availability
- Telemetry control and opt-out options
- Staged update rollouts
- On-prem reputation services
- Data residency and legal compliance

The results are uneven. Only 3 vendors allow enterprise customers to review source code. Only a handful provide SBOMs. Just 8 out of 14 offer staged updates - which matters a lot after the CrowdStrike incident.

The full report (including a breakdown by vendor) is available through AV-Comparatives. Link in the first comment if anyone wants to dig through the methodology.
https://dev.to/danielvisovsky/what-14-edr-vendors-wont-tell-you-about-source-code-sboms-and-update-controls-4680