Working Groups

Sub-groups of AMTSO members focused on specific topics or projects

AMTSO operates a number of working groups focusing on specific topics and projects. Working group participation is open to all member representatives, and each group operates to its own schedules and collaboration formats to suit the requirements of the project. Many also engage with non-members active in the field they focus on, often inviting guests to attend working group calls or meetings to add to the debate, or to review proposed papers and other outputs.

Below are the main working groups currently active, with some details of their purpose and member composition:

The RTTL group oversees AMTSO’s threat-intel and sample-sharing initiatives, RTTL and ThreatList. The group meets regularly to review the flow of data in and out of each system, work on expansions and improvements, and track new contributors and users.

The Sandbox Evaluation project aims to provide guidance, tools and structures to measure the efficacy of sandbox solutions in various use-cases. The group published its Framework paper in March 2025, and plans to continue working to develop further guidance on sample selection.

The VPN Testing Working Group is building guidelines for testing all aspects of VPN technologies, with its first paper, focused on core VPN features, published in February 2025. A planned follow-up looking at testing additional security features often included with VPN products is expected to expand in scope to cover all forms of protection from web-based threats including phishing and scams.

The XDR Testing Working Group is tasked with developing criteria for testing XDR solutions, tracking what they include and what areas tests are covering. The group pushed out the first version of its XDR product data tracking system in March 2025, and plans to provide similar data for testing coverage.

Our active groups routinely reach out to non-members for wider input and feedback on their plans, focusing on companies and individuals active in the field the group is working in. You can sign up to follow a group and be kept informed of what’s going on, and what’s coming up, using our “follow us” form:

We have several new projects planned, which we expect to launch in the very near future:

Don’t see the project you’re looking for? If there’s something you think AMTSO should be working on, get in touch to let us know, or join our community to help steer a new project.

These groups are either standing groups with more general remits which meet less regularly, or projects that are currently on hold or retired:

This group oversees AMTSO’s promotional and outreach activities, usually meeting ahead of events and meetings to plan content and steer speaker selection, and to map out social media and announcements.

This group is charged with maintenance and updating of AMTSO’s library of guidelines and best-practice documents, as well as other ways of sharing AMTSO’s expert knowledge with the public and the wider security community.

Set up to investigate new areas for the organization to explore, this group’s main focus recently has been on ways to reach out to purchasers, implementers and users of security solutions, mainly in the enterprise space.

This group developed AMTSO’s main guidance on testing IoT security solutions, and remains standing by to work an future IoT-related projects.

Become a member

Join AMTSO’s community of global experts and play your part in our mission to improve security through useful, fair and above all transparent testing.

Become a member

AMTSO standard

About us

AMTSO standard

About us