Members of the non-profit Anti-Malware Testing Standards Organization (AMTSO) have officially approved and adopted the AMTSO Testing Protocol Standard. Sophos was proud to vote in favor of the standard.
This is the first set of official anti-malware testing standards and represents a big leap forward when it comes to testing endpoint security products. In the press release, AMTSO chairman Simon Edwards comments:
Security vendors often claim that only their solution can protect customers, and testers assert that only their test can accurately measure those claims. Tests following the AMTSO Standard can help customers cut through the hype.
Rather than focus on the technical details – which are addressed separately by a set of AMTSO guidelines – the Testing Protocol Standard focuses on communication and responsibility surrounding comparative tests. It aims to provide security customers and product vendors alike with transparency into the testing process and assurance of a level playing field.
One small but important example is a requirement that the tester must notify all vendors that their products are being included and give these vendors the opportunity to review the plan prior to the start of the test.
There are also requirements imposed on vendors, like us, to ensure everyone participating in these tests is competing fairly – such as requiring clear disclosure about differences between the tested product and what real customers would use, for example.
Sophos CTO Joe Levy has long advocated for fair, transparent, independent testing:
Rigorous testing by third parties is essential to moving our industry forward. Not only does it help customers make informed decisions about security solutions, but the results help us learn and build better products.
The standards will be overseen and continually developed by the AMTSO Standards Working Group, which includes members from several security companies – Sophos included, represented by Test Manager Onur Komili – and third-party testing and certification firms such as AV-Comparatives, NSS Labs and AppEsteem. Most AMTSO members have committed to using the standard themselves. Sophos is no exception.
Simon Reed, VP of SophosLabs notes:
Compliance with the AMTSO Testing Protocol Standard will be a significant factor in where we direct our test budget and Labs staff effort going forward. We also encourage our partners and customers to seek out tests that are compliant with the Standard. If a test isn’t compliant, ask the testing organization – and the vendor that commissioned it – why.
We are thrilled to be a part of this exciting development in malware testing. Standards such as this will help customers make better choices and, in the end, will make our industry stronger.
Photo: Simon Edwards (right), CEO of SE Labs and Chair of AMTSO, attended the Sophos Discover partner conference in Las Vegas to present alongside Jason Shupp (left), Sophos Sales Engineering Director, during the “Malware Demystified” tech track.