OWASP samm

Join us at the Open Security Summit next June We have a dedicated SAMM track at the upcoming Open Security Summit (supported by OWASP)! You can register for on-site or remote participation here. OWASP SAMMv2 beta released for community review We are very proud to announce a new version of SAMM! Check it out on our new website: https://owaspsamm.org/. Please, read our notes on how to provide feedback.

OWASP SAMM v1.5 available in the downloads section! We are now working on the Beta release of OWASP SAMMv2, our work in progress is available online on our new web site. Join our monthly calls

  • The monthly call is on each 2nd Wednesday of the month at 21h30 CEST / 3:30pm EST.
  • Please join our GoToMeeting: https://global.gotomeeting.com/join/262891661
  • The call is open for everybody interested in SAMM or who wants to work on SAMM.

Join us on the OWASP SAMM project Slack channel

2019 OWASP SAMM Summit (3-7 JUNE 2019, Bedford, UK)

  • Join our 2019 OWASP SAMM Summit at Woburn Forest, Bedfordshire as part of the Open Security Summit.
  • We will organize working sessions in a 5-day sprint to draft SAMM v2.0.
  • Register online here
  • Sponsor the SAMM2, more details here

The Software Assurance Maturity Model (SAMM) is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization. SAMM helps you:

  • Evaluate an organization’s existing software security practices
  • Build a balanced software security assurance program in well-defined iterations
  • Demonstrate concrete improvements to a security assurance program
  • Define and measure security-related activities throughout an organization

Dell uses OWASP’s Software Assurance Maturity Model (Owasp SAMM) to help focus our resources and determine which components of our secure application development program to prioritize., (Michael J. Craigue, Information Security & Compliance, Dell, Inc.)

Get Involved

Involvement in the development of SAMM is actively encouraged!

You do not have to be a security expert in order to contribute.

Some of the ways you can help:


Please use the Github Issues for feedback:

  • What do like?
  • What don’t you like?
  • How can we make SAMM easier to use?
  • How could SAMM be improved?

Help us translate!

Are you fluent in another language? Can you help translate SAMM into that language?

You can use Crowdin to do that!

Call for SAMM2 Sponsors

OWASP SAMM and the upcoming SAMM 2.0 release is the open source software security maturity model used to develop secure software for IT, application and software security technologists.

We are seeking sponsors to support OWASP SAMM. All proceeds from the sponsorship support the mission of the OWASP Foundation and the further development of SAMM. Supporting the project drives the funding for research grants, SAMM hosting, tools, templates, documents, promotion, and more.

By sponsoring SAMM, you not only support an important and flagship OWASP project, you will also get visibility during the next SAMM Summit (part of the Open Security Summit 2019) and recognition on the OWASP SAMM web site and the next release of SAMM (version 2.0).

For more information: Contact seba@owasp.org

Project Sponsors