AMTSO Testing Protocol Standard
The AMTSO Testing Protocol Standard provides testing protocol and behavior expectations for testers and vendors relating to the testing of anti-malware solutions.
The Standard is maintained and run by the Standards Working Group (SWG), a team of volunteers from within the AMTSO membership including representatives of security product vendors and expert testing labs.
Current Testing Protocol Standard
After over two years of development, trials, and consultation, first AMTSO Testing Protocol Standard was approved and adopted by the AMTSO membership in May 2018.
The AMTSO Standard is subject to an ongoing review process and is updated regularly to reflect changing requirements and testing techniques.
If you have any suggestions or recommendations for the Standards Working Group team, please use our Standards Change Request Form – we welcome input on the Standards project from anyone interested in security testing, both within and outside the AMTSO membership.
AMTSO Testing Protocol Standard compliance
All test labs that are aiming to comply with the AMTSO Standard for a particular anti-malware test must provide AMTSO with formal notification and publish a detailed test plan prior to starting the test. This process is intended to provide vendors an opportunity to review the test plan and provide their input, highlighting any potential issues with the test design.
Test notifications can be issued directly by the test lab, or the test lab can use the AMTSO Contact List system to reach the right people within each targeted vendor’s organization.
Each test going through the process of complying with the AMTSO Standard is tracked against a number of metrics. You can find all complete information on all tests following the Standard, including details of notifications, vendor feedback, and compliance status, via our Standard compliance tracking page.
AMTSO Contact List System
As part of the Standards project, AMTSO maintains a comprehensive Contact List system, enabling testers and vendors to open lines of communication on testing matters.
One of the main aims of the Contact List is to ensure that all vendors potentially included in tests are given notification of upcoming tests, along with the proposed methodology in the form of an official AMTSO test plan. Vendors are then able to comment on any potential issues with the test plan prior to a test commencing, and can also register their interest in taking in active role in the running of the test.