Comparisec

Version v1.0 · Last updated May 2026

Scoring methodology

Comparisec operates on a single non-negotiable principle: editorial independence. This document explains exactly how scores are produced, who produces them, and what commercial relationships can and cannot affect.

1. Editorial scoring rubric

Editorial scores are assigned by the Comparisec analyst team — all active or former practitioners with CISO, director-level, or senior engineer experience. Each vendor is scored on five dimensions, each on a 1–5 integer scale.

| Dimension | 1 — Weak | 2 — Below avg | 3 — Average | 4 — Strong | 5 — Excellent |
| --- | --- | --- | --- | --- | --- |
| Technical capability | Feature-poor; missing core functionality for category | Notable gaps vs peers in key capabilities | Meets baseline expectations for the category | Above-average depth; differentiated features | Best-in-class technical depth; category leader |
| Compliance coverage | No mapped framework support | 1–2 frameworks, partial only | 3–4 frameworks with evidence | 5–6 frameworks, mostly full coverage | All 8 frameworks, full coverage with third-party evidence |
| Integration breadth | Minimal or proprietary integrations only | Few integrations; key stack gaps | Common integrations covered | Rich ecosystem; API-first approach | Extensive marketplace; best-in-class API |
| Pricing transparency | No public pricing; NDAs required to proceed | Model disclosed but no indicative range | Model + broad range disclosed | Detailed public pricing with tiers | Full public pricing; self-serve quoting |
| Market presence | Early-stage; unproven at scale | Growing but limited enterprise references | Established with verifiable enterprise customers | Category leader with significant market share | Dominant market position; analyst quadrant leader |

2. Reviewer verification process

Practitioner reviews are the most valuable signal — and the easiest to fake. Our verification process is designed to ensure every published review comes from a real person who has used the product in a real professional context.

  1. LinkedIn verification

     Every reviewer provides a LinkedIn URL. We verify that the job title and current/recent employer are consistent with the deployment context described.

  2. Usage confirmation

     Reviewers confirm they are a current or recent (within 18 months) user of the product. We ask for the deployment context without requesting company name.

  3. Content review

     Reviews are read for plausibility, consistency, and specificity. Generic, vague, or suspiciously positive reviews are rejected.

  4. Conflict screening

     We screen for vendor employees, investors, and channel partners. Affiliated reviewers are rejected regardless of review quality.

  5. Publication delay

     Reviews are published after 3–5 business days to allow for verification. Reviewers are notified by email.

Privacy note: Your LinkedIn URL is used solely for verification and is never displayed publicly. Your company name is never published. We publish only your job title, company size band, and industry.

3. Composite score formula

The composite score combines editorial assessment (60%) with practitioner reviews (40%). A minimum of 5 verified reviews is required before a composite score is published.

    // Editorial average
    editorialAvg = mean(technicalCapability, complianceCoverage,
                        integrationBreadth, pricingTransparency, marketPresence)

    // Per-review normalization: recommendScore (0-10) → (1-5)
    normalizedRecommend = (recommendScore / 10) × 4 + 1
    perReviewAvg = mean(deploymentScore, usabilityScore,
                        supportScore, normalizedRecommend)

    // Reviewer aggregate
    reviewerAvg = mean(perReviewAvg for each review)

    // Composite (requires ≥ 5 reviews)
    composite = round((editorialAvg × 0.6 + reviewerAvg × 0.4) × 10) / 10

| Score range | Colour | Interpretation |
| --- | --- | --- |
| 4.5 – 5.0 | Green | Outstanding — category leader |
| 3.5 – 4.4 | Blue | Strong — above-average product |
| 2.5 – 3.4 | Amber | Average — notable limitations |
| 1.0 – 2.4 | Red | Weak — significant concerns |
| N/A | Gray | Score pending — insufficient data |
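
The formula and score bands above, carried through as an added JavaScript example (not Comparisec's own code). The function names, the review object shape and the 1–5 range for the three non-recommend review scores are assumptions; rejecting out-of-range input rather than clamping it is this example's choice.

```javascript
// Added example, not Comparisec's code. Names and sample data are constructed.
const MIN_REVIEWS = 5; // page: composite needs at least 5 verified reviews
const EDITORIAL_DIMS = ["technicalCapability", "complianceCoverage",
  "integrationBreadth", "pricingTransparency", "marketPresence"];
const REVIEW_DIMS = ["deploymentScore", "usabilityScore", "supportScore"];

const mean = (xs) => xs.reduce((a, b) => a + b, 0) / xs.length;

// Reject missing, non-numeric or out-of-range input instead of averaging it in.
function inRange(name, v, lo, hi) {
  if (typeof v !== "number" || !Number.isFinite(v) || v < lo || v > hi) {
    throw new RangeError(`${name} must be a number in [${lo}, ${hi}]`);
  }
  return v;
}

// recommendScore (0-10) -> (1-5), as in the page's formula.
const normalizeRecommend = (r) => (inRange("recommendScore", r, 0, 10) / 10) * 4 + 1;

// Assumption: the three other review scores are already on a 1-5 scale.
function perReviewAvg(review) {
  const scores = REVIEW_DIMS.map((k) => inRange(k, review[k], 1, 5));
  return mean([...scores, normalizeRecommend(review.recommendScore)]);
}

// Returns the composite rounded to one decimal, or null while the score is pending.
function compositeScore(editorial, reviews) {
  const dims = EDITORIAL_DIMS.map((k) => {
    const v = inRange(k, editorial[k], 1, 5);
    if (!Number.isInteger(v)) throw new RangeError(`${k} must be an integer`);
    return v;
  });
  if (reviews.length < MIN_REVIEWS) return null;
  const editorialAvg = mean(dims);
  const reviewerAvg = mean(reviews.map(perReviewAvg));
  return Math.round((editorialAvg * 0.6 + reviewerAvg * 0.4) * 10) / 10;
}

// Colour band from the interpretation table; null maps to the pending state.
function band(score) {
  if (score === null) return "Gray";
  if (score >= 4.5) return "Green";
  if (score >= 3.5) return "Blue";
  if (score >= 2.5) return "Amber";
  return "Red";
}
```
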

4. Commercial relationships disclosure

Comparisec is a bootstrapped project. To remain operational, we offer paid listing tiers to vendors. Here is exactly what each tier does and does not affect:

What Sponsorship affects

  • ✓ A “Sponsored” amber label on the vendor card
  • ✓ Placement in sponsored content units (clearly labelled)
  • ✓ Priority response to vendor data corrections

What Sponsorship does NOT affect

  • ✗ Editorial scores (set independently by analysts)
  • ✗ Category ranking position (determined by composite score)
  • ✗ Compliance mapping assessments
  • ✗ Review publication decisions
  • ✗ Reviewer verification criteria

Non-negotiable: No vendor can pay to improve their score, remove a review, or change their category ranking. If you believe this has been violated, contact us at editorial@comparisec.com.

5. Scope — categories not yet live

Comparisec launched with 10 categories. The following are on the roadmap but not yet live:

  • DLP (Data Loss Prevention)
  • CASB (Cloud Access Security Broker)
  • API Security
  • WAF (Web Application Firewall)
  • SOAR (Security Orchestration, Automation and Response)
  • Threat Intelligence Platforms
  • GRC (Governance, Risk & Compliance)
  • Security Awareness Training

6. Dispute process

Vendors may dispute factual errors in their profile or editorial assessment. We treat factual disputes seriously and will investigate and correct genuine errors.

  1. Email editorial@comparisec.com with subject line: "[Vendor name] — Factual dispute"
  2. Describe the specific claim, the correct fact, and provide documentary evidence.
  3. We will acknowledge within 2 business days.
  4. If the dispute is upheld, we will correct the error and note the correction date.
  5. If the dispute is rejected, we will explain why in writing.

Note: Disputes about editorial opinions or scoring judgements (not factual errors) are not subject to this process. We welcome discussion but editorial decisions remain with the Comparisec analyst team.