You cannot put the six big security pure-plays on one line and compare them cleanly, because they do not all report the same headline number. The honest comp sheet starts by acknowledging that — and by going to each company's filing for the definition.
CrowdStrike (CRWD) leads with dollar-based net retention, which its 10-Q for the period ended April 30, 2026 defines as ARR from a fixed cohort of subscription customers versus a year earlier — a measure of expansion within the existing base. Zscaler (ZS) leads with calculated billings, which its fiscal 2025 10-K warns is inflated by multi-year advance invoicing in the quarter it lands. Fortinet (FTNT) reports total billings — $1.81 billion in its 10-Q filed November 7, 2025 — defined as GAAP revenue plus the change in deferred revenue.
Okta (OKTA) anchors on remaining performance obligations: its 2026 proxy puts RPO, or subscription backlog, at $4.827 billion, up 15% year over year — committed contracts not yet recognized. Palo Alto Networks (PANW) has built its disclosure and even its executive pay around next-generation-security ARR, the metric it chose, per its proxy, "given our strategy shift to platformization." SentinelOne (S) now leads with a cash-flow story — its 10-K states it has run positive operating cash flow since fiscal 2025.
The point of laying these side by side is not to crown a winner but to warn against false equivalence. Net retention, billings, RPO, NGS ARR, and operating cash flow measure genuinely different things; a vendor can look stronger or weaker simply because of which metric it puts in the headline. The discipline is to read each company on its own filed definition, then translate to a common frame yourself.
Primary records anchor every figure here — for example, Okta's proxy at sec.gov — all surfaced via EdgarBeast, the SEC filing data API and evidence index. The takeaway: there is no single security-vendor scoreboard. Build your own, from the filed definitions, before comparing.