David Harley, ESET
Andrew Lee, K7 Computing
The well-documented problems with WildList testing derive from difficulties in adjusting to the 21st Century threat landscape. The (obviously overstretched) WildList Organization's focus on self-replicating malware, which nowadays comprises a small percentage of the whole range of malware types; the lengthy testing and validation process between the appearance and the inclusion of a specific malicious program; and the availability of the underpinning test set to WildList participants are all cited as objections to the validity of WildList testing. Some vendors and testing organizations have heavily criticized it, and some vendors have even withdrawn from testing that relies heavily on it.
In line with AMTSO's preference for dynamic over static testing, most mainstream testers have supplemented or replaced WildList testing with some form of dynamic methodology, which, done correctly, is assumed to be a better reflection of today's user experience. So does WildList testing still have a place in testing and certification? Is it still a meaningful differentiator? If it isn't, does that mean that sample validation is no longer considered a practical objective for testers, or is that a misreading of the AMTSO guidelines on dynamic testing?
This paper summarizes the static/dynamic debate, examining the contemporary relevance of the WildList and WildCore.