So the CARO workshop came and went (and very good it was too): unfortunately, because of the nature of the event, I can’t tell you too much about it. However, at least some of the presentations are expected to be made available soon, and we’ll pass on that information when we have it.
After a very pleasant evening spent with ESET’s partners in Budapest, we were back in the same room, in many cases with the same people, for another meeting of the Anti-Malware Testing Standards Organization (AMTSO). A great deal of progress was made: in particular, papers on sample validation and testing "in the cloud" products were approved by the members present, as was a document defining the procedures associated with the work of the Review Analysis Board. Those should be available on the newly re-vamped web site soon. Some useful work was done on some of the other papers still in progress, and some new documentation projects were discussed and initiated.
This week, Randy and I are in Berlin for EICAR, where we are presenting a paper on execution context in testing. In fact, there turns out to be quite a lot of testing-related material on the agenda, and I’m particularly looking forward to a panel session including representatives of EICAR, and AMTSO (and ICSAlabs, which is a member of AMTSO) called "About testing malware products: Problems and Answers?" There should be a great deal of common ground between these groups, who are, after all, all in active pursuit of the same objective – that is, improving testing practice – so I’m hoping, in particular, to see some positive cooperation between EICAR and AMTSO coming out of these discussions.
David Harley BA CISSP FBCS CITP
Director of Malware Intelligence
Author David Harley, We Live Security