The latest articles on DEV Community by Daniel Visovsky (@danielvisovsky). https://dev.to/danielvisovsky https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3860925%2Fc4e5bd95-951e-4de6-bf69-4047e2e86971.png https://dev.to/danielvisovsky en Daniel Visovsky Sun, 17 May 2026 20:54:25 +0000 https://dev.to/danielvisovsky/what-14-edr-vendors-wont-tell-you-about-source-code-sboms-and-update-controls-4680 https://dev.to/danielvisovsky/what-14-edr-vendors-wont-tell-you-about-source-code-sboms-and-update-controls-4680 <p>Ever asked your EDR vendor for an SBOM or source code access? A recent study did it for 14 of them.</p> <p>Most security teams evaluate EDR-EPP based on detection rates and remediation features. But what about transparency? What data actually leaves your network? Can you review the code? Do you control updates?</p> <p>AV-Comparatives (commissioned by the Austrian Economic Chambers) looked at 14 leading cybersecurity vendors - including CrowdStrike, Microsoft, SentinelOne, Trellix, Kaspersky, Cisco, and others - on criteria that rarely make it into product brochures:</p> <p>Ability to review source code<br> SBOM (Software Bill of Materials) availability<br> Telemetry control and opt-out options<br> Staged update rollouts<br> On-prem reputation services<br> Data residency and legal compliance<br> The results are uneven. Only 3 vendors allow enterprise customers to review source code. Only a handful provide SBOMs. Just 8 out of 14 offer staged updates - which matters a lot after the CrowdStrike incident.</p> <p>The full report (including a breakdown by vendor) is available through AV-Comparatives. Link in the first comment if anyone wants to dig through the methodology.</p>