Software Assurance Maturity Model
Our mission is to provide an effective and measurable way for all types of organizations to analyze and improve their software security posture. We want to raise awareness and educate organizations on how to design, develop, and deploy secure software through our self-assessment model. SAMM supports the complete software lifecycle and is technology and process agnostic. We built SAMM to be evolutive and risk-driven in nature, as there is no single recipe that works for all organizations.
SAMM User Day!
On June 16th, 2020 we’re having our first OWASP SAMM User Day online. During this User Day, we’ll share our practical experiences and lessons learned when using OWASP SAMM to improve your secure development practices.
Check it out on our SAMM website.
Join our monthly calls
- The monthly call is on each 2nd Wednesday of the month at 21h30 CET / 3:30pm ET.
- Please join our Zoom meeting: https://zoom.us/j/934671982
- The call is open for everybody interested in SAMM or who wants to work on SAMM.
Join us on the OWASP SAMM project Slack channel
- Join our project slack channel on https://owasp.slack.com/messages/C0VF1EJGH
- If you do not have an OWASP Slack workspace account yet, contact one of our project leaders to get an invite link.
The Software Assurance Maturity Model (SAMM) is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization. SAMM helps you:
- Evaluate an organization’s existing software security practices
- Build a balanced software security assurance program in well-defined iterations
- Demonstrate concrete improvements to a security assurance program
- Define and measure security-related activities throughout an organization
Dell uses OWASP’s Software Assurance Maturity Model (Owasp SAMM) to help focus our resources and determine which components of our secure application development program to prioritize., (Michael J. Craigue, Information Security & Compliance, Dell, Inc.)
Involvement in the development of SAMM is actively encouraged!
You do not have to be a security expert in order to contribute.
Some of the ways you can help:
Please use the Github Issues for feedback:
- What do like?
- What don’t you like?
- How can we make SAMM easier to use?
- How could SAMM be improved?
Help us translate!
Are you fluent in another language? Can you help translate SAMM into that language?
You can use Crowdin to do that!
Call for SAMM Sponsors
OWASP SAMM and the SAMM v2 release is the open source software security maturity model used to develop secure software for IT, application and software security technologists.
We are seeking sponsors to support OWASP SAMM. All proceeds from the sponsorship support the mission of the OWASP Foundation and the further development of SAMM. Supporting the project drives the funding for research grants, SAMM hosting, tools, templates, documents, promotion, and more.
By sponsoring SAMM, you not only support an important and flagship OWASP project, you will also get visibility during the next SAMM User Conference and recognition on the OWASP SAMM web site and the next releases of SAMM.
For more information: Contact [email protected]