Service to human race or fame seeking selfishness?

Elements of human judgment used to vet trustworthiness can also be written on paper. It should not be a difficult step to outline such a methodological description.

Besides it looks like you are describing how people decide their private friendships. I wonder if with circle of trust you were referring to this.
Again considering your whole viewpoint and not that single sentence I have to assume you didn’t.

I outlined my concerns in my previous posts. The entire AV ecosystem carries a public service task worldwide and is formed by many different entities and appears to be mostly self-regulated. Instead of implicitly trusting the entire system I wish to know more about the specific details where I have concerns or speculations.

I implicitly trusted you to not misrepresent my viewpoint before, I was too naive. I never stated that trade of biological viruses is unrestricted and I think that such regulations are not “private”.

I don’t have to make claims either as biological viruses are approached with a much different attitude to the point there is a supranational organization.

Every year, the World Health Organization predicts which strains of the virus are most likely to be circulating in the next year, allowing pharmaceutical companies to develop vaccines that will provide the best immunity against these strains.

Besides I’ll simply restate the obvious as you obviously missed my point.

Like methodologies are published and thoroughly documented so should be vetting procedures.

To be more precise I guess I should state that I was not able to find a public and thorough description of such vetting procedures.

Once a methodology is published it is also possible to know how the end result (the test or vetting procedure) should be regarded.
This is the reason methodological papers are released along with tests.

Methodological papers are not published on a whim; they are to correctly interpret the end results and possibly know what could be inferred.

It’s not as simple as saying I trust Jane Doe then her test is reliable, but I trust Jane Doe to carry her test following the stated methodology hence I can correctly interpret her results.

While I still think that public services or regulation would be a fitting alternative to the current AV ecosystem I can only add, for example, that in case of public regulation the vetting procedures or application rejections are thoroughly documented even if not always publicly disclosed. I also assume public regulations to be open for comments and improvements in order to better serve the public.

Like I said before.

Numbers do tell the truth (I could add within the stated published methodology)
They surely do for detection rates of known samples.

If it’s all that matters.

Yes I could privately email any AV company or tester out there who did not publicly and thoroughly disclose its/her/his vetting procedures and methodologies and ask for clarification and even speculate on eventual vetting differences.

I should also be ashamed for wondering about such irrelevant things, I guess.

Even if I cannot completely exclude that such vetting procedures are or will be publicly and thoroughly disclosed I still feel such deregulation to be inappropriate for a possibly pandemic threat like computer viruses.

Besides I think the entire AV ecosystem should be regarded as a whole.

Even if each single entity of this system got an ISO-9000 certification that will only pertain to a single entity as a distinct element from the whole whereas it’s the entire AV ecosystem that carries the entire public service process.

Perhaps, perhaps not. But that article was hardly written to specifically describe vetting procedures as its purpose. I posted it as an example simply because you were describing sample sharing between vendors as “private agreements” that were dictated by “business logic” - a misleading claim at best.

Your previous posts outlined bias, discrimination, “private agreements”, “business logic”, and malware not being shared because their collectors viewed them as “private property”, among others. I take it that you have learned something from this discussion, that you are now at least willing to admit you have no idea if those elements as you describe them actually exist at all.

Then what were you trying to state, exactly? If you were trying to say that trade of biological viruses is indeed restricted and bound by regulations, then you wouldn’t have needed to raise the issue as a contrasting comparison at all. I suspect you know better than anyone else that your viewpoint has not been misrepresented. You raised the issue of biological viruses to challenge the current status quo of malware sharing being bound by regulations and agreements. But your example was faulty - and that’s all there is to it.

IMHO that page as it is represents an inappropriate example because without an implicit context you are assuming it generates a circular reference.

IMHO it failed to thoroughly explain what happens and while I could be inclined to trust it as it is this does not mean that a different link about vetting procedures and methodologies would have been more exhaustive. Provided it doesn’t address what I obviously tried to explain in my last post.

I wish you to remember that it was you who introduced the term discrimination in this discussion.

As you obviously misinterpreted many points I expressed, I still think that a per case individual agreement between private parties is what I consider applicable to private property.

Besides I guess I should explicitly state that I don’t think that malware samples should be shared using a Creative Commons license either.

What I could grasp from your presentation it is the same ‘Perhaps, perhaps not’ you used a few times already.

That was simply to point a different model implicitly neglected by your presentation.

At least I see you use the term agreement. You did not use self-regulation this time though.
I certainly did not state there are no rules and I guess you could agree that there is deregulation.

You could also be inclined to misgivings and continue to regard them as subject to “business logic” in such transactions even without any leads or evidence. Why the sudden generosity with the benefit of doubt now?

I wish I could provide you with more concrete evidence, but since I’m not an industry insider myself most of my knowledge of such matters is from anecdotal evidence during correspondence with those who are inside the industry. As I’ve said, I believe the same venue is open to you should you be genuinely interested in facts instead of simply taking the easy way out and subscribing to FUD.

The synonymical term, yes. The concept, no. And certainly at no point in this discussion was I a proponent of its existence; I believe that distinction belongs to you.

And what model would that be? Regulations exist all the same. In the case of the pharmaceutical industry it is well-regulated by government and international bodies. In the absence of those bodies in the antivirus industry the vendors take it upon themselves to set self-imposed standards so as to preserve integrity and professionalism. You don’t simply hand out samples to anyone who asks for it; that holds true for both drug companies AND antivirus vendors.

Yes, if only to describe your side of the argument.

I did reply in a similar way when you first posted that specific example.

I don’t wish to abuse your posted evidence either nor I wish to deliberately misrepresent your viewpoint.

Other than possibly deem my viewpoint as a conjecture and invite all possible readers to deem your presentation in much higher regard than mine and invite them to possibly read it from the beginning there is nothing much I can do other than triggering an endless recursive discussion every time you post something that IMHO falls in the “possibly, possibly not” speculation.

This doesn’t mean I can accept the current AV ecosystem like it is now and implicitly trust it nor that I cannot have any concerns until I have asked for information all around the world.

I guess this means I failed to explain the distinction between vetting as end result and vetting procedures and methodologies.
I guess I have to explicitly state that if a methodology is flawed this doesn’t mean it was deliberately designed that way either.

Regulations are not all the same though. Self-imposed standards pertain to a deregulation approach.

I don’t see the need to restate this since I explicitly said “Besides I guess I should explicitly state that I don’t think that malware samples should be shared using a Creative Commons license either”; maybe I should have explicitly mentioned public domain licenses.