AMTSO News 2023-09-15

Welcome to our regular roundup of events and activities in and around AMTSO. 

Meetings and Events

Our London meetings will take place in a few weeks’ time, ahead of the Virus Bulletin conference. Plans have continued to evolve and we are still pinning down a few presentations, an updated agenda has been posted to our member site and we will update again next week as confirmations come in. The second day of the meeting will include a wider than usual group of guests, we expect to have a keynote on day 2 from Raza Syed of Microsoft and also hope to see a guest presentation from MITRE among others. AMTSO topics up for discussion will include our XDR project (details below) and efforts to connect with the purchaser community, as well as looking at new areas we can address with guidance and standards to help promote and support better testing. Members planning to attend are requested to register as soon as possible via the members website, any non-members interested in attending as a guest can register their interest here.

RTTL and ThreatList

The RTTL team held their regular call last week, the main focus was on our ThreatList project which is almost ready to open for contributions. Final work is underway on the system and associated web presence, and we hope to be able to unveil it at the London event. The team also performed the usual oversight of the RTTL system itself, with some new contributors expected to come online shortly and the new sandbox system now fully operational and available to users (subject to quotas).

XDR Testing Criteria

We held a call of our XDR group last week, focused on an initial draft outline of proposed criteria, further work on this project will continue next week and we will dedicate a session to the topic during our London meetings. Our team has also been reaching out to major players in the XDR market seeking input on a proposed repository of recommended configurations for testers to implement. We hope to have a talk from SecureIQLab on their current XDR testing, running under the AMTSO Standard, at the London event.

AMTSO Standard and Test Calendar

Despite summer breaks in many regions we have added 17 new tests to our test calendar in since the last update. These include reports from 8 different independent test labs, almost all of them AMTSO members and many of the tests run under our Standard. We look forward to adding yet another major lab to the list of those routinely running their tests under the Standard in the very near future.

Here’s a summary of activities from our Standard compliance team:

  • SE Labs released their Q2’2023 Enterprise, Small Business, and Consumer Endpoint Test Reports (AMTSO Test ID: AMTSO-LS1-TP076), Phase 2 Commentary was collected and following an extended dispute discussion period, the final Compliance Confirmation Report was issued on Wednesday, September 13th, 2023.
  • A Public Test Notification was issued for Testing Ground Labs for their August 2023 Consumer Android Malware Detection Test (AMTSO Test ID: AMTSO-LS1-TP084) on Monday, August 14th, 2023.  Similarly, a Public Test Notification was issued for their August 2023 Business Android Malware Detection Test (AMTSO Test ID: AMTSO-LS1-TP085) on the same date.
  • A Public Test Notification was issued for the AV Lab Cybersecurity Foundation covering their September 2023 Advanced In-the-Wild Malware Test (AMTSO Test ID: AMTSO-LS1-TP086) on Friday, August 25th, 2023.
  • MRG-Effitas released their Q2’2023 Android 360 Degree Assessment Test Report (AMTSO Test ID: AMTSO-LS1-TP080) on Monday, August 21st, 2023 and AMTSO Phase 2 Commentary collection began on Friday, August 25th, 2023.  The final Compliance Confirmation Report was issued on Thursday, August 31st.
  • On Monday, August 21st, 2023, MRG-Effitas released their Q2’2023 360 Degree Assessment and Certification Endpoint Test Report (AMTSO Test ID: AMTSO-LS1-TP081).  Following a Phase 2 Commentary period, the final Confirmation Report was issued on Thursday, August 31st.
  • Public Test Notifications were issued for the MRG-Effitas  Q3 2023 360 Degree Android Assessment and Certification (AMTSO Test ID: AMTSO-LS1-TP087) and Q3 2023 360 Degree Assessment and Certification (Endpoint) (AMTSO Test ID: AMTSO-LS1-TP088) on Friday, August 25th, 2023.
  • A Compliance Confirmation Report was issued for the AVLab Cybersecurity Foundation July 2023 Advanced In-the-Wild Malware Test (AMTSO-LS1-TP082) on Thursday, August 31st, 2023.
  • A Public Test Renotification was issued for SecureIQLab for their Q3-Q4’2023 Extended Detection and Response XDR CyberRisk Test (AMTSO Test ID: AMTSO-LS1-TP079) on Monday, September 11th, 2023, following some adjustments to the planned methodology and timeline.

Information on all published and upcoming tests being tracked by AMTSO can be found in our test calendar.

Board and Management

We will be holding our usual Board and executive team meetings in London in early October, ahead of the member event. We hope to bring many of our leadership team together in person once again, with others joining remotely, to review progress over the last six months and plan for the future.

Promotion and Outreach

We ran a variety of promotional activities for our London meetings over the last few weeks, including advertising and direct outreach via social media, and expect to have more to promote as the outcomes of the meetings are put into action in a few weeks’ time.


We send this newsletter to all AMTSO member representatives, as well as non-members who have engaged with AMTSO recently and have an interest in what’s going on in the AMTSO community. If you have any friends or colleagues who would like to be kept informed of developments in the testing world, they can sign up here. If you’d like to know more about joining the AMTSO community, there’s information and an application form here.