In the ever-evolving world of cybersecurity, maintaining high standards for anti-malware testing is crucial. The AMTSO Standard serves as guidance ensuring transparency, fairness, and collaboration in the testing process. Here’s a reminder of what the AMTSO Standard entails and how it works to uphold these principles.
The Importance of the AMTSO Standard
The AMTSO Standard was created through collaborative efforts of the industry, bringing testers and vendors together to determine a Standard that provides fairness for vendors, and transparency for their consumer and business customers. The AMTSO Standard is more than a set of guidelines; it’s a commitment to maintaining the highest levels of integrity in anti-malware testing. By adhering to this Standard, test labs ensure that their tests are not only transparent and fair but also open to scrutiny and continuous improvement.
This process does not imply that AMTSO forces or endorses any specific test; rather, it provides a structured framework that helps maintain a high bar for fairness in the industry. As a non-profit organization, AMTSO is governed by a board of members from various independent tester and vendor companies, ensuring that power cannot be abused and decisions are made fairly.
The AMTSO Standard is a comprehensive framework designed to guide test labs in conducting anti-malware tests. It emphasizes the importance of detailed planning, open communication, and rigorous review processes. Here’s a step-by-step overview of the compliance process:
Creating a Test Plan:
Test labs intending to comply with the AMTSO Standard must first create a detailed Test Plan. This plan outlines how the test will be conducted, including a schedule of important dates and specific methodologies to be used.
Formal Notification:
Before the test begins, the test lab must issue a formal notification to all vendors whose products will be tested. This notification can be sent directly by the test lab or through the AMTSO Contact List system to ensure it reaches the appropriate contacts within each vendor’s organization.
Public Posting and Vendor Review:
AMTSO publicly posts the notification details, and in most cases, the Test Plan itself, on its test tracking system. This transparency allows vendors and other interested parties to review the test plan and provide input, identifying any potential issues with the test design.
Vendor Cooperation:
Vendors are encouraged to review the Test Plan and highlight any concerns. In return, they commit to cooperating with the test lab and refraining from any interference during the testing process. This collaborative approach helps ensure the integrity and fairness of the test.
Running the Test:
The test is conducted according to the predefined plan, and data is gathered for final review and reporting. Throughout this process, the test is tracked against several metrics to ensure compliance with the AMTSO Standard.
Post-Test Review and Feedback:
After the test is completed, vendors have another opportunity to provide feedback on its execution. AMTSO reviews all test data and vendor feedback to confirm whether the requirements of the Standard were met.
Transparency in Reporting:
All information related to the test, including vendor feedback and compliance status, is posted on the AMTSO test tracking system. This open access to information ensures ongoing transparency and accountability.
Stay Informed with AMTSO
Those interested in the latest tests in the industry can visit our page tracking the latest and upcoming cybersecurity tests.
By fostering an environment of openness and collaboration, the AMTSO Standard helps drive the industry forward, ensuring that anti-malware testing, and testing of cybersecurity products like VPNs, Sandboxes, and XDR systems, remains fair and transparent.