Anti-Malware Testing Standards Organization
Anti-Malware Testing Standards Organization (AMTSO) is an international non-profit organization set up in 2008 to address a perceived need for improvement in the quality, relevance and objectivity of anti-malware testing methodologies.
According to the AMTSO web site, the organization's charter currently lists the following objectives:
- Providing a forum for discussions related to the testing of anti-malware and related products.
- Developing and publicizing objective standards and best practices for testing of anti-malware and related products.
- Promoting education and awareness of issues related to the testing of anti-malware and related products.
- Providing tools and resources to aid standards-based testing methodologies.
Until 2012 AMTSO was administered by an elected (and unpaid) Board of Directors, with strategic and other input from an Advisory Board, and six committees to handle specific operations such as membership, fees, PR and so on. Subsequently, a major infrastructural change took place, introducing an executive team with a CEO, CTO, CFO and VPs of Marketing and Strategy in addition to the already existing Board of Directors.
While it grew out of discussions between security vendors and security product testing organizations, membership of AMTSO is also open to academics, reviewers, publications, and does include some individual members. However, the high cost of full membership generally discourages individual members and small organizations from joining, and since early 2011, the organization has offered a much cheaper subscription rate that doesn't, however, offer full voting rights.
The organization has created some potentially useful resources for testers, including a page that flags relevant papers and other resources outside AMTSO, and a repository of guidelines documents for the benefit of aspiring testers on a wide range of topics.
It also organizes workshops three times a year: discussion and generation of guidelines documents are a major by-product of these sessions.
The organization's own blog indicated that there has been lively and sometimes acerbic debate, suggesting that the public, the wider security community and even testers found it hard to trust an organization whose membership includes a preponderance of security vendors. Following a radical infrastructural change in 2012, the blog was cut back to a single page redirecting viewers to the Anti-Malware Testing blog blog and to AMTSO's own forum.