The AMTSO Testing Protocol Standard provides testing protocol and behavior expectations for testers and vendors relating to the testing of anti-malware solutions. The Standard is maintained and run by the Standards Working Group (SWG), a team of volunteers from within the AMTSO membership including representatives of security product vendors and expert testing labs.
After over two years of development, trials, and consultation, the AMTSO Testing Protocol Standard was approved and adopted by the AMTSO membership in May 2018.
The AMTSO Standard is subject to an ongoing review process and will be updated regularly to reflect changing requirements and testing techniques. The latest version is Version 1.2, adopted in June 2019. Previous versions of the Standard are available for reference on our documents page.
We welcome input on the Standards project from anyone interested in security testing, both within and outside the AMTSO membership. If you have any suggestions or recommendations for the SWG team, you can use our Standards Change Request Form.
Standard Compliance Tracking
All test labs that are aiming to comply with the AMTSO Standard for a particular anti-malware test must provide AMTSO with formal notification and publish a detailed test plan prior to starting the test. This process is intended to provide vendors an opportunity to review the test plan and provide their input, highlighting any potential issues with the test design.
Test notifications can be issued directly by the test lab, or the test lab can use the AMTSO Contact List system to reach the right people within each targeted vendor’s organization.
Each test going through the process of complying with the AMTSO Standard is tracked against a number of metrics. You can find all complete information on all tests following the Standard, including details of notifications, vendor feedback, and compliance status, via our Standard compliance tracking page.
As part of the Standards project, AMTSO has undertaken to maintain a comprehensive Contact List system, enabling testers and vendors to open lines of communication on testing matters. One of the main aims of the Contact List is to ensure that all vendors potentially included in tests are given notification of upcoming tests, along with the proposed methodology in the form of an official AMTSO test plan. Vendors are then able to comment on any potential issues with the test plan prior to a test commencing, and can also register their interest in taking in active role in the running of the test.
You can find out more about the Contact List system, including a list of current participants, on the Contact List page. To request your details be added to the AMTSO Contact List, please use the Contact List Application Form.
Why do we need Standards?
You can find out more about the need for Standards in our video: