Testing Security Products: Third-Party Standards vs. In-House Testing

For the last decade, the Anti-Malware Testing Standards Organization (AMTSO) has owned the endpoint security testing standards space. It has done much good, bringing order and consistency to a complex arena.

Now, in the last two months, AMTSO has been joined by a new network product testing standard (NetSecOPEN), and a new product testing approach (the MITRE ATT&CK matrix).

AMTSO

AMTSO was founded in 2008, “to improve the business conditions related to the development, use, testing and rating of anti-malware products and solutions.” Membership is open to anybody dedicated to this purpose.

It currently has 61 members noted on its website. The vast majority are what may be called 1st-gen anti-malware companies. Many, but a fewer number, of the 2nd-gen (AKA next-gen) endpoint protection companies have also joined. The remaining members largely are product testing labs. There are no end users represented.