Help OWASP SAMM Improve Global Software Security
Friday, October 28, 2022
OWASP SAMM (Software Assurance Maturity Model) is the OWASP framework to help your organization assess, formulate, and implement a strategy for software security that can be integrated into your existing Software Development Lifecycle (SDLC). OWASP SAMM is fit for most contexts, whether your organization is mainly developing, outsourcing, or acquiring software, or whether you are using a waterfall, an agile or devops method, the same model can be applied.
One of the questions we get the most from our users is: “how do I compare to my peers?”. To answer this question, we started the SAMM Benchmark project. For this SAMM Benchmark project we wanted to get a preliminary idea of how SAMM is being used, by whom, and what are your experiences. We decided that a survey to collect an initial round of data would be beneficial to all and we will collect, interpret, and share the results with the SAMM community and industry at large.
We will review the results during our upcoming core team summit, so we would appreciate a response by November 3rd at the latest.
You will notice the term “practitioner” used a few times in the survey. In our context, a practitioner is someone that conducts SAMM assessments. They may be internal to the organization or external to the organization.
We do not collect any personal data in this survey, please answer as accurately and truthfully as possible. Thank you for taking the time to complete this survey and helping us improve the model to help the industry improve software security on a global scale.
Thank you very much for your input! If you would like to provide a testimonial about your use of SAMM, would like your organization to be listed as a SAMM practitioner, or for anything else: please send an email with your request to [email protected].
-The OWASP SAMM Project