Transparency correlates with security maturity: what the TRACS study found about EDR vendors

A recent study by AV-Comparatives (commissioned by the Austrian Economic Chambers) analyzed 14 leading EDR-EPP vendors on transparency metrics: source code access, SBOM availability, telemetry controls, staged updates, on-prem reputation services, and data residency.

The raw numbers are one thing. But the study also found a correlation worth discussing: vendors with higher transparency scores tended to perform better on vulnerability handling, incident disclosure timelines, and overall security maturity.

In other words, how vendors treat transparency says something about how they treat security.

Three findings stood out to me:

Only 3 vendors allow enterprise customers to review source code. Those same vendors also had better-than-average vulnerability disclosure practices.

Transparency correlates with security maturity: what the TRACS study found about EDR vendors

Other newsrooms on this story

Related reading

SecurityScorecard Snags Driftnet to Level Up Threat Intelligence

Reduce CVE noise with OpenVEX assessments in Datadog | Datadog

Cyber resilience requires visibility

The Resilient Enterprise - SPONSORED CONTENT FROM OPTRO

Security Velocity: The Next Frontier in Application Security

Northern Trust Peer Study: Asset Owners Focus on Data and Operating Model…