Vendor Scorecard

We surveyed the EULAs from over 200 private and public cybersecurity vendors. Here is what we found:

  • 42% of all cybersecurity firms restrict transparency
  • 53% of public cybersecurity companies restrict transparency
  • 61% of private cybersecurity companies do not restrict transparency
  • 27 companies restrict disclosures in their EULAs, yet actively promote reviews of their products on “independent” sites

Click here for a complete list of vendors, including a summary of their EULAs.

Transparency Honor Roll

58% of the vendors we surveyed have no EULA restrictions. Do your vendors make the cut?

  • A10 Networks
  • Agari
  • Akamai
  • Armis
  • Auth0
  • Avanan
  • Avepoint
  • Avira
  • Axonius
  • Barracuda
  • Bayshore Networks
  • BeyondTrust
  • BigID
  • BISCOM
  • Bitglass
  • Black Duck
  • Bloombase
  • Booz Allen
  • Brocade Communications Systems
  • Capsule8
  • Cato Networks
  • Cavirin
  • Cimcor
  • Cisco
  • Cloud Cover
  • Code42 Software
  • Cohesive Networks
  • Commvault
  • Core Security SDI Corp
  • Covata
  • Cryptzone, a Cyxtera Business
  • CyberArk Software Ltd.
  • Cyberbit
  • CyberSoft Operating Corp
  • CyberSponse
  • Cycode
  • Cynet
  • Cyxtera Technologies
  • Darktrace
  • Datadog
  • DataLocker
  • Datto
  • Deep Instinct
  • Denim Group
  • DeviceLock
  • DigiCert
  • Dragos
  • Druva
  • DXC Technology
  • Expel
  • F-Secure
  • F5 Networks
  • FileOpen
  • FireMon
  • Flashpoint
  • Fortinet
  • FreeStor *by FalconStor
  • GateKeeper Proximity
  • GFI Software
  • Gigamon
  • GlobalSCAPE
  • HashiCorp
  • Heureka Software
  • Hewlett Packard Enterprise
  • Hexnode *by Mitsogo Technologies Pvt. Ltd.
  • Hunters.ai
  • Hypori
  • HYPR
  • IBM (QRadar)
  • Illumio
  • Impulse Point
  • Intel
  • Intralinks
  • IntSights
  • IronScales
  • Ivanti
  • Ixia
  • Kanguru Solutions
  • Kaspersky Labs
  • KEMP
  • Kenna Security
  • KoolSpan
  • Kroll
  • KnowBe4
  • Lieberman Software Corporation
  • LogMeIn
  • LogRhythm
  • Lookout
  • M-Files
  • ManageEngine
  • Mavenir Systems *acquired by Mitel
  • MetaFlows
  • MetricStream
  • Mocana
  • NetIQ
  • NIKSUN
  • Novetta
  • Okta
  • One Identity
  • One LogIn
  • Optiv
  • Orca Security
  • Paladion
  • PerimeterX
  • Ping Identity
  • Qualys
  • Radware
  • Satori Cyber
  • SCADAfence
  • SentinelOne
  • Siemplify
  • Sophos
  • Symantec
  • Tenable
  • Tufin
  • Vulcan Cyber




Disclaimer: The foregoing information and suggestions in this paper do not, and are not intended to, constitute legal advice. The information provided in this paper is for general informational purposes only. We urge everyone to rigorously review and consult with a legal counsel before accepting or rejecting any agreement. EULAs may change from time to time, and you may be presented with a different EULA than the one we analyzed. Many vendors have more than one EULA; some have different EULAs for different products. Information in this paper may not constitute the most up-to-date legal or other information. In case of inaccuracies, please contact us. All liability with respect to actions taken or not taken based on the contents of this paper is hereby expressly disclaimed by Orca Security.