Recently Sophos had the priviledge of hosting the latest AMTSO conference. Two days were spent at Sophos Headquarters and over 40 vendors, testers and journalists agreed the formal release of two documents.
The first document is the AMTSO Fundamental Principles of Testing document. This is a straightforward set of guidelines for any tester wanting to work in the industry and will help them establish a simple method of working that would be supported by vendors and testers.
The second document is the AMTSO Best Practices for Dynamic Testing. This document attempts to outline some ideas as to how dynamic testing could be carried out. This is a challenging area of testing which is widely recognised as both time consuming to do and complicated to carry out safely. This document highlights the possible ways of working in this challenging area.
This is a very exciting outcome for AMTSO. It’s taken a little while to get these documents out but to have acheived consensus from many vendors and testers is considered a miracle by many. As testers are able to adopt some of these guidelines so the general quality of reviews and tests should improve, hopefully making it easier for prospective purchasers of security software to make a more informed choice.
AMTSO is committed to working on further standards and as these are published for comment on the AMTSO blog so I will let you all know about them so you can contribute to this area of work.
Further information is available on the AMTSO website.