For the past ten years AMTSO has been a forum for both cybersecurity vendors and testers as they collaborate to improve the objectivity, quality, and transparency in security testing methodologies. Our members worked hard to produce a testing standard that we believe, if followed, provides customers with the appropriate data, context and information they need to choose their security products. Throughout the past year and a half, we’ve seen this voluntary standard embraced by many testers and vendors worldwide.
We were disappointed that one of our members chose to file an antitrust lawsuit against us and other AMTSO members. We were even more surprised at their allegation that our organization is only vendor-driven, which just isn’t true. Our standard, as well as our guidelines and fundamental testing principles, were developed by both vendors and testers working together to ensure that our industry can provide customers with the best information possible.
Our testing standard does not require giving “answers” to vendors ahead of the test. It does require, however, that if some of the vendors were given information about the test and others weren’t, the tester disclose this in its report. Our testing standard doesn’t say what can and can’t be tested. It does say that the tester must be able to substantiate its results.
Our testing standard holds both testers and vendors accountable to ethical and fair practices, including ensuring that competitive tests are fair to all participants. It does not tolerate backroom deals, “fitted” results, or offering private, pay-to-play, undisclosed advantages to vendors who happen to pay more than others. This change is critically important to the broader cybersecurity community, including testers, vendors, and most importantly customers.
But don’t take our word for it; you can read the standard yourself and see how it helps. After all the work put in by the testers and vendors to get it right, and after the validation we’ve gotten from customers, analysts, and reporters, we feel confident that testers who follow the standard will conduct tests that are both ethical and effective, and they will produce test reports that customers can trust.
– Dennis Batchelder, AMTSO President