…not to mention exasperated, at the flurry of bad press that AMTSO (the Anti-Malware Testing Standards Organization) is suddenly receiving.
A few days ago, following an interesting blog by Kevin Townsend here to which I contributed some thoughts, I thought the time might be right for some healthy discussion about how the organization might engage better with the general user population, and used that topic as the basis for the first of a series of monthly articles I'm doing for Security Week.
That seems academic now.
Apparently, depending on which article you read:
Somewhere in this welter of misinformation, well-meant but muddled thinking, and black propaganda, there are some issues that need clarifying. But there's too much confusion (I can't get no relief) to address it all at once, or all in one place. Watch this space for further information. And while you're waiting, you might want to check the documentation and other resources at the AMTSO web site to see what the organization really proposes and what it is really trying to achieve, however slow you may think its progress has been to date.
It's not all bad, though. I'm not sure Kurt Wismer will thank me for mentioning his name or his blog, since there's a chance that because I have, he'll now be targeted for the same attacks that I've been subjected to as an individual as well in my capacity as one of AMTSO's directors. Nonetheless, he's put up some relevant, objective and informed comments that deserve to be read by more people. I'm pretty sure he doesn't think AMTSO is perfect (neither do I!), but he does seem to have a pretty firm grip on reality.
By the way, if you'd like a less exasperated, more official reaction from AMTSO to some of the recent press, such a statement is quoted more or less in full on the AMTSO blog here.
David Harley CITP FBCS CISSP
Speaking for himself, not ESET or AMTSO