Last updated June 23, 2026.
This page explains exactly how Oreaxe evaluates, scores, and ranks the security tools we cover — what our ratings are based on, what they’re not, and the rules we hold ourselves to. We publish it because a recommendation is only worth as much as the method behind it, and you deserve to see ours.
Who does the evaluating
Oreaxe is written by two named people, not an anonymous “editorial team,” and we split the work along our actual expertise:
- Muhammad Saqlain is the founder of Oreaxe and a digital transformation and cybersecurity consultant, and leads our compliance and buyer’s-guide coverage.
- Mubbashir Ali, co-founder of Oreaxe and a Certified Ethical Hacker (CEH v12) with 17+ years in enterprise IT and infrastructure security, leads our hands-on technical coverage and technically reviews our security articles.
Where an article carries technical claims, Mubbashir reviews them before publication. We tell you who wrote and who reviewed each piece.
What our evaluations are based on
Every assessment draws on a defined set of evidence. For each product, we work from:
- Documented capabilities — the vendor’s own technical documentation and feature set.
- Independent lab results — where they exist, from recognised testing labs (such as AV-TEST, AV-Comparatives, and SE Labs). For smaller or regional vendors, this data is often limited, and when it is, we say so plainly.
- Public pricing — confirmed against the vendor’s own site, including renewal and auto-renewal terms.
- Hands-on use — where we have genuinely used the product ourselves, and only where we say we have.
The line we don’t cross: tested vs. evaluated
We are deliberate about two words.
- A review means we have hands-on experience with the product and tell you what we observed.
- An overview or evaluation means we assessed it from documentation, independent data, and pricing — without claiming hands-on testing we didn’t do.
We will never describe a product as “tested” when we haven’t tested it. If a piece is an evaluation rather than a hands-on review, the page says so. This matters most on security and compliance topics, where overstating confidence can cause real harm.
How we score
Where we assign a rating, it is the considered result of a consistent rubric — not a single impression. We assess products across criteria such as:
| Criterion | What it measures |
|---|---|
| Protection / effectiveness | Detection and defensive capability, judged against independent lab data where available |
| Performance | System impact and reliability in normal use |
| Ease of use | Setup, deployment, and day-to-day operation, especially for small teams |
| Value | Pricing relative to what you get, including renewal terms |
| Transparency | Vendor clarity, independent test coverage, and support quality |
When we can’t verify something, we don’t fake a number. If a product’s protection can’t be confirmed — no independent lab data and no hands-on testing — we mark that criterion “not independently verified” rather than inventing a score, and we may withhold a single averaged rating rather than imply more certainty than we have. A missing score is more honest than a confident guess.
How we rank tools in comparisons
In “best of” comparisons, the criteria decide the order — not the commission.
- We build the field from the strongest products in the category, whether or not we have an affiliate relationship with them.
- We recommend the right tool for a given need even when it earns us nothing.
- A product that pays us never moves up the list for that reason. If it ranks lower on merit, it stays lower.
If a recommendation ever reads as suspiciously convenient for us, that’s a failure of this policy, and we want to know.
Affiliate links and independence
Oreaxe is an affiliate-supported site. Some links earn us a commission, at no extra cost to you, and that revenue keeps our content free. It does not influence our ratings or rankings, which follow the method on this page. Our full terms are in our Affiliate Disclosure.
Keeping our coverage current
Security products and their pricing change constantly. We revisit our published evaluations as products evolve, threats shift, and prices move, and we date each update so you can see how current it is. If something on the page is out of date, the date tells you to verify the latest details on the vendor’s own site before deciding.
Found something wrong? Tell us.
If you spot a factual error, an out-of-date price, or a recommendation you think we’ve got wrong, contact us. We correct mistakes openly rather than quietly, and well-reasoned challenges make our coverage better. Accuracy matters more to us than being right the first time.