Risk & Repeat: NSS Labs lawsuit shakes infosec industry

The NSS Labs lawsuit filed against three leading security vendors and the Anti-Malware Testing Standards Organization last week could reverberate through the infosec industry for years to come.

NSS Labs accused CrowdStrike Inc., Symantec and ESET, as well as AMTSO, of conspiring against the testing firm and preventing the company from performing independent tests on the vendors' antimalware and endpoint security products. The Antitrust suit alleges AMTSO, a trade organization representing antimalware vendors, and many of its members collectively decided to boycott NSS Labs and any other testing firm that did not adhere to the AMTSO Testing Standard, which NSS Labs claims is designed to benefit the vendor products.

In response, CrowdStrike denied those claims and accused NSS Labs of obtaining vendor products through fraudulent means. The NSS Labs lawsuit is the latest development in an ongoing feud between the testing firm and CrowdStrike, which requested a temporary restraining order in 2017 to prevent NSS Labs from publishing a report that included an unfavorable -- and incomplete -- review of CrowdStrike's Falcon platform. A judge denied the request.

What effects could the NSS Labs lawsuit have on the security industry? Can end-user license agreements restrict companies from testing or reviewing technology products? Should antimalware testing firms be forced to use the AMTSO's methodology for their reviews? SearchSecurity editors Rob Wright and Peter Loshin discuss those questions and more in this episode of the Risk & Repeat podcast.