As a long-time security professional, I have grown increasingly frustrated with the snake oil and misleading claims of security vendors (pew pew pew!). We (Sophos) hold ourselves to incredibly high standards, and I wrote a little manifesto outlining how we assess what we call CQ, or the cyberseriousness quotient, of a project. https://news.sophos.com/en-us/2023/07/03/introducing-cyberseriousness-a-manifesto-for-quality-respect-integrity-and-usefulness-in-infosec/
Introducing Cyberseriousness: A manifesto for quality, respect, integrity, and usefulness in infosec

Opening up a years-long in-house conversation about “CQ” to the wider cybersecurity world

Sophos News