AMTSO – a step, a tiny step, but a step nevertheless, in the right direction

The first I heard of it was a Tweet from Luis Corrons towards the end of last week:

Tweet from Luis Corrons

A bit cryptic, but the reference to me is almost certainly in relation to (one of) my two previous criticisms of AMTSO: firstly that its membership is almost entirely incestuous and that without involvement from outside of the industry its recommendations cannot be trusted; and secondly that use of any testing that is allowed to suggest 100% efficacy against viruses in the wild is disingenuous (see AMTSO: a serious attempt to clean up anti-malware testing; or just a great big con? and Anti Malware Testing Standards Organization: a dissenting view).

But now AMTSO itself has released details (this is on the former criticism, not the latter):

The Anti-Malware Testing Standards Organization (AMTSO, www.amtso.org), an international organization that encourages improved methodologies for testing security programs, announced today the imminent availability of a new subscription model that will open up membership to a wider audience.

Neil Rubenking, Lead Analyst at PC Magazine, commented, “As a member of AMTSO’s Advisory Board I’ve been privileged to interact and work with the group’s members and committees. AMTSO membership is open to individuals, but the 2,000 €/year price puts full membership out of reach for all but the most dedicated. The new subscription model will now allow all interested parties to make a marked contribution to the development of better testing methodologies.”

The new membership model will apparently cost just €20 (presumably per year), and is clearly a move in the right direction. But from the released information you don’t seem to get much for this. You get access to the

…educational resources that are already freely available on the AMTSO website [and] the development of documentation and participation on AMTSO’s email discussion boards, where some of the world’s foremost experts in the anti-malware industry and the testing industry leave vendor bias aside, in order to pursue lively conversations on the intricacies of malware testing, its fallacies and real-world ways in which to improve it.

In short, you get access to a specialist mailing list, and “the right to attend meetings, though not as voting members.”

I don’t want to sound churlish, because this is a major movement for AMTSO, but you get to speak your mind with no guarantee that anyone will listen, and certainly no say in what AMTSO actually does. It is nowhere near what I personally would like to see: the recruitment of senior technicians from some of the major corporate AV users; with full voting rights. If this simply isn’t possible, perhaps AMTSO could tell us why?

So, all in all, a tiny step in the right direction.