Gene commented on my earlier post here, stressing the importance of having a low or no-cost membership option for “those of us out in the trenches”. I’m getting a bit tired of far-fetched Great War metaphors that portray AMTSO as the generals miles back behind the lines sending the Poor Bloody Infantry to face trench foot and shrapnel in the trenches: from where I’m standing, the mud and the shrapnel are far too close for comfort. But he does make some points worth discussing.
Apparently he is building a security education resource with “a strong emphasis on practical security measures.” Full marks for good intentions. Indeed, security education is part of our remit, too: hence the resources section on the AMTSO web site, which holds (or points to) a great deal of information related to testing. And while most of the content of the documents page is primarily aimed at aspiring testers, some of it at least holds value for people whose interest is less specific. Certainly the Principles document is a useful overview of what constitutes a good or bad test, and that’s potentially useful to a far wider audience. And you don’t have to pay for it, or be a member of AMTSO to access it.
I think it’s important for AMTSO to engage with the population at large. (I’ve been saying so for years.) Not because AMTSO’s credibility is so fragile that it can’t achieve anything without user input, but because making more people aware of the shortcomings of so much current testing is a great way to encourage testers to raise the bar.
I think low-priced subscriptions with restricted privileges would be one good way to achieve that, and the legal implications of that model are being considered at the moment. I don’t think that dropping the price so low that the organization can no longer maintain its present activities, as one critic suggests, makes any sense at all. To take up one of Gene’s points, the subscription isn’t “priced for corporations”: it’s priced to meet the needs of the organization given the anticipated number of members from year to year.
The question that still interests me is this: if and when we have some form of basic membership that interested individuals can reasonably afford, what would people expect to get back from it? Here are some possibilities that occur to me.
- More information about the organization and its activities, obviously.
- Participation in a general mailing list.
- More information (or at least pointers to more information) about testing (or at least security product testing) in general.
- The opportunity to express opinions and make suggestions.
What else? In particular, what would you expect that isn’t already freely available from the AMTSO web site and this blog site?
David Harley