2009年9月1日星期二

Going Forward with AMTSO

logo.gif

The AMTSO board and advisory board met for two days this weekend to strategize on how the group can best advance its stated aim of improving anti-malware testing. The meeting was extremely productive and left me highly confident in the group's future.

In the 18 months since the idea of AMTSO first arose, the group has legally incorporated, gathered a core group of members, and produced a significant set of testing guidelines as well as a number of other testing-related documents. The board spent a goodly portion of the meeting working on how to correctly grow the group's size and credibility.

Board members agreed that given group's open nature anyone who wants to be a member and contribute to the process should be allowed to apply for membership. In addition they called for a publicity campaign to heighten awareness of AMTSO's mission, identifying a number of specific target groups, messages aimed at those groups, and ways to deliver the message.

What about those who are interested in AMTSO and want to contribute but aren't prepared to pay the non-trivial membership fee? Their ideas have value too, and their interest is commendable. The board decided that a discussion forum would be the proper way to engage this group.

The Review of Reviews Board came up for some serious discussion. This committee of AMTSO exists to review published tests and report whether they comply with AMTSO guidelines or not. For many of the vendor members this process is the core of their interest in AMTSO - they want a method to deal with reviews that they feel treated their product unfairly. But why should the recipient of such a report care that AMTSO has analyzed their review? Until the group has significant visibility and credibility issuing such a report might be a mistake.

One member suggested that AMTSO in the meanwhile devise a simple self-assesment test that reviewers could take to determine whether their testing process meets AMTSO's guidelines. Those passing the test would be allowed to display a logo indicating that they passed self-assessment. Yes, they could lie on the test but eventually AMTSO would catch that. And meanwhile the group's message and visibility get a boost. This idea met with much enthusiasm.

If all goes as envisioned, over the next year or so more people will know and support AMTSO, more active members will join, and many testers will participate in the self-assessment. When the group has more visibility and mindshare it will be better equipped to accomplish its primary objective - improving anti-malware testing.

Of course in order for the board's plans to be effective the membership will have to support them. They'll get a chance at the AMTSO's coming full meeting in Prague. I won't be there, but I anticipate the membership will agree enthusiastically.

没有评论:

发表评论