OWASP Open SAMMY

Open SAMMY is an open-source Application Security Management tool designed to help organizations systematically assess, plan, and improve their security posture. Open SAMMY provides a structured way to manage OWASP SAMM (Software Assurance Maturity Model) assessments and improvement roadmaps.

How Open SAMMY Helps Organizations

With Open SAMMY, security teams can:

  • Assess: Perform structured evaluations using the OWASP SAMM framework to understand the maturity of their software security practices.
  • Plan: Generate actionable improvement plans based on identified gaps, tailored to organizational goals.
  • Improve: Track progress over time, ensuring continuous enhancement of security capabilities.
  • Demonstrate Improvements: Demonstrate tangible and measurable improvements to the organization and the team.

Key Features

  • OWASP SAMM-Based Assessments – Conduct and manage assessments based on OWASP SAMM to gain insights into current security maturity.
  • Roadmap Planning – Develop data-driven improvement plans to enhance application security processes.
  • Open-Source & Community-Driven – As an OWASP project, Open SAMMY benefits from community contributions and transparency.
  • Percent to Target – Support for the new OWASP SAMM Percent to Target metric, which provides a pragmatic answer to the “Not applicable” issue.
  • Upcoming DSOMM Support – Future integration with OWASP DSOMM (DevSecOps Maturity Model) to expand security maturity assessments into DevSecOps.

Why Use Open SAMMY?

  • Tailored for Application Security: Built specifically to align with OWASP SAMM, ensuring comprehensive security maturity management.
  • Extensible & Future-Proof: Designed to support additional frameworks like OWASP DSOMM and other security models.

Get Started with Open SAMMY


Empower your application security journey with Open SAMMY – the open-source tool for managing security maturity with OWASP SAMM and beyond!

Roadmap

  • Support for OWASP DSOMM
  • Translations


Open SAMMY Screenshots

Dashboard

Assessment

Reporting