Some readers will be aware of my long-standing connection with the Anti-Virus Information Exchange Network (AVIEN) at http://www.avien.net (I hold the title of Chief Operations Officer there). AVIEN has now instigated a member’s blog at http://www.avien.net/blog, and I’ve put up a couple of blogs today on testing to help kick it off (Andrew Lee, my former colleague at ESET, is also doing some blogging there).
Testing, Testing (yes, Andrew and I did use that as the title of an ESET conference paper!) asks whether an anti-malware testing organization can claim that its testing is "open and transparent" (i.e. in accordance with principle three of the AMTSO fundamental principles of testing document) if that information is only made available for a fee to the company that makes a tested product, and whether making such a charge before the test really qualifies as "vendor independent". (These are issues that are likely to come up for heated discussion at the AMTSO Workshop in Prague next month.)
Blog Reviews points to some resources addressing the FTC ’s (Federal Trade Commission) attempt to make bloggers who review products (not just AV products, of course) more accountable by making them declare financial interest/bias. This is, of course, an example of AMTSO’s principle two in action: it deals with bias, financial incentives and so on.
David Harley BA CISSP FBCS CITP
Director of Malware Intelligence
ESET Threatblog (TinyURL with preview enabled): http://preview.tinyurl.com/esetblog
ESET Threatblog notifications on Twitter: http://twitter.com/esetresearch
ESET White Papers Page: http://www.eset.com/download/whitepapers.php
Securing Our eCity community initiative: http://www.securingourecity.org/
Author David Harley, ESET