Fortinet leading the way here - they've answered specifically how they test FortiEDR updates. It's really good, more vendors should follow. https://community.fortinet.com/t5/Blogs/FortiEDR-s-software-and-content-update-release-process/ba-p/327255
My suggestion on what you should ask your EDR vendors, until they release it publicly:
(If they're unable to answer this to you and can't talk about improvements they're working on, keep asking).
Sophos have a blog out listing all their kernel drivers, when they load, how they’re tested etc - it’s really good. https://news.sophos.com/en-us/2024/08/01/driving-lessons-the-kernel-drivers-in-sophos-intercept-x-advanced/
Follow
Would be nice if they listed their source code.
