It’s always great to see the words “I’m really impressed with what I’m reading in these standards.” He even goes over the “Best Practices for Dynamic Testing” document, which is relevant to properly evaluating ThreatFire and other behavioral-based anti-malware solutions — delivering malware to the system in the same way that a user would see it attacking their system. We were especially interested in the “Dynamic Testing” document details and crafting at the last Oxford meeting. He understands the issues addressed in the document, including issues with using Virtual Machines in testing, and the article finishes with a hint of the reality of the process: “Don’t expect that you’ll start seeing results compliant with these guidelines a lot. Testing like this is difficult and expensive and few labs are set up to do it. If all goes well, more will be from now on.”
It’s great to see positive interest in the testing standards already. Let’s hope that Larry and others at eWeek are interested in becoming a member as well.