AMTSO News 2023-04-27

Welcome to our new regular roundup of events and activities in and around AMTSO. To receive these updates via email (sent out approximately every two weeks), please sign up here.

Meetings and events

Our latest “Testing Town Hall” event took place on April 12th, featuring an in-depth presentation from MITRE Engenuity on their plans for the next round of testing under their ATT&CK framework, alongside a talk from new AMTSO tester member AVLab Cybersecurity Foundation on their approach to testing. A recording of the MITRE talk is available to members only; the AVLab component will be published shortly.

The next online event is scheduled for July 5th and as usual we hope to feature talks from both guests and AMTSO members. An agenda will be made available in early June; all AMTSO members will receive details of the event, non-members are welcome to sign up to attend our Testing Town Hall events via the form here.

For AMTSO members, the next AMTSO event will be our regular member meeting, being held in Budapest, Hungary on May 23rd and 24th. An initial agenda for this event will be circulated to members next week, expected to include several presentations from members as well as the usual updates on AMTSO’s activities. Members can find more details and the registration form on the member website.

AMTSO Standard and Test Calendar

Our Test Calendar lists 10 new tests published in the last two months, and an all-time total of over 400 separate test summaries. Tests running under the AMTSO Testing Protocol Standard and due for release in the next few weeks include reports from SELabs, SecureIQLab, Testing Ground Labs, and MRG Effitas. Here’s a summary of recent activities from our Standard compliance team:

  • Public Test Notifications were issued for the Testing Ground Labs April 2023 Consumer Android Malware Detection Test (AMTSO Test ID: AMTSO-LS1-TP074) and April 2023 Enterprise Android Malware Detection Test (AMTSO Test ID: AMTSO-LS1-TP075) on Tuesday, April 11th, 2023.  Phase 1 Commentary on both tests closed on Monday, April 24th, 2023.
  • A Public Test Notification was issued for the SE Labs Q2 2023 Endpoint Protection Test (AMTSO Test ID: AMTSO-LS1-TP076) on Wednesday, April 12th, 2023.  Phase 1 Commentary on this test continued through Tuesday, April 25th, 2023.
  • The AVLab Cybersecurity Foundation May 2023 Advanced In-the-Wild Malware Test (AMTSO Test ID: AMTSO-LS1-TP073) continues to progress with three test subject vendors added to the testing process during April.  Those vendors were supplied with the test plan and invited to offer Phase 1 Commentary.


The Real-Time Threat List, AMTSO’s sample-sharing system, is open to all AMTSO members and approved non-members, with a focus on providing high-quality samples and metadata for testing, as well as serving external providers such as CERTs wishing to share samples they discover with the wider industry via a single point of contact. The system had an unexpected outage last week during the transfer to a new digital certificate which affected access for some participants, this has been resolved and any participants still experiencing issues should contact the RTTL team for assistance. The system averaged around 3,000 new samples uploaded per day over the past month, with four AMTSO tester members drawing down samples on a regular or sporadic basis during that period.

Our RTTL group is also working on a wider project tentatively entitled “ThreatList”, which is intended as a replacement for and improvement on the now-defunct WildList. A detailed proposal for how the new system will work has been reviewed and discussed by participants in this project, comprising both AMTSO members and non-members, and we are now in the process of recruiting an oversight group to finalize the structure, as well as supervising acceptance of new contributors and recipients going forward. Once this group is in place we expect to start accepting submissions into the new system, which will run in parallel to the RTTL system and will share many of its features.

Promotion and Outreach

This week we published the latest in our series of interviews with member representatives and others closely involved with AMTSO, a discussion with Neil Rubenking of PCMag. This is the twelfth entry in this series, which gives people working with AMTSO a chance to talk about their views on testing, the work they do, security in general, and how they view AMTSO and our activities, and we hope to publish further entries very soon.

CSO/CISO conference plans

Over the past year AMTSO has been developing plans to bring together testers and purchasers from the CSO/CISO community, to share insights and identify gaps in knowledge which testers can help fill. As part of this process we have conducted multiple in-depth discussions with prominent CSOs/CISOs to gather their views on how best to achieve this goal, and we are currently in discussions with AVAR to potentially hold an event alongside or as part of their regular annual conference, due to be held somewhere in the Middle East towards the end of the year. Once the specifics of this have been pinned down the project team will develop a roadmap of further consultations and trials to help shape how the event will work. We hope to be able to release more details of this project in the next few months.

AMTSO Board elections

For AMTSO members, next month will see our annual election for our Board of Directors, of which half the team are re-elected each year. Nominations for candidates will be open until 12 noon Pacific time on May 1st, and voting will run through the second half of May, with a chance to meet and question the candidates at our Budapest meeting towards the end of the month. The new Board will take over on July 1st at the start of our new membership year.

About this newsletter

We send this newsletter to all AMTSO member representatives, as well as non-members who have an interest in what’s going on in the AMTSO community. If you or any friends or colleagues would like to be kept informed of developments in the testing world, the sign-up form is here. If you’d like to know more about joining the AMTSO community, there’s information and an application form here.