AMTSO’s Standards project aims to develop and implement the first ever set of official Standards for anti-malware testing. The project is maintained and run by the Standards Working Group (SWG), a team of volunteers from within the AMTSO membership including representatives of security product vendors and expert testing labs. All public information on the Standards project is available from these pages.
After over two years of development, trials, and consultation, the AMTSO Testing Protocol Standard was approved and adopted by the AMTSO membership in May 2018.
The AMTSO Standard is subject to an ongoing review process and will be updated regularly to reflect changing requirements and testing techniques. We welcome input on the Standards project from anyone interested in security testing, both within and outside the AMTSO membership. If you have any suggestions or recommendations for the SWG team, you can use our Standards Change Request Form, or just send an email to firstname.lastname@example.org.
All tests aiming to comply with the AMTSO Standard must issue formal notification and publish a detailed test plan prior to starting the test. This stage gives test subject vendors an opportunity to review the test plan and provide their input, highlighting any potential issues with the test design. Test notifications can be issued directly by the test lab, or can use the AMTSO Contact List system to ensure the alerts reach the right people. You can find all current test notifications on our notifications page.
Each test going through the process of complying with the AMTSO Standard is tracked against a number of metrics, which are recorded in a compliance report. You can find all test compliance information, past and present, on our compliance review pages.
As part of the Standards project, AMTSO has undertaken to maintain a comprehensive Contact List system, enabling testers and vendors to open lines of communication on testing matters. One of the main aims of the Contact List is to ensure that all vendors potentially included in tests are given notification of upcoming tests, along with the proposed methodology in the form of an official AMTSO test plan. Vendors are then able to comment on any potential issues with the test plan prior to a test commencing, and can also register their interest in taking in active role in the running of the test.
You can find out more about the Contact List system, including a list of current participants, on the Contact List page. To request your details be added to the AMTSO Contact List, please use the Contact List Application Form.
Why do we need Standards?
You can find out more about the need for Standards in our video: