Software Assurance Maturity Model

Our mission is to provide an effective and measurable way for all types of organizations to analyze and improve their software security posture. We want to raise awareness and educate organizations on how to design, develop, and deploy secure software through our self-assessment model. SAMM supports the complete software lifecycle and is technology and process agnostic. We built SAMM to be evolutive and risk-driven in nature, as there is no single recipe that works for all organizations.

SAMM User Day!

On June 16th, 2020 we’re having our first OWASP SAMM User Day online. During this User Day, we’ll share our practical experiences and lessons learned when using OWASP SAMM to improve your secure development practices.
Check it out on our SAMM website.

Join our monthly calls

Join us on the OWASP SAMM project Slack channel

The Software Assurance Maturity Model (SAMM) is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization. SAMM helps you:

  • Evaluate an organization’s existing software security practices
  • Build a balanced software security assurance program in well-defined iterations
  • Demonstrate concrete improvements to a security assurance program
  • Define and measure security-related activities throughout an organization

“Dell uses OWASP’s Software Assurance Maturity Model (OWASP SAMM) to help focus our resources and determine which components of our secure application development program to prioritize.” (Michael J. Craigue, Information Security & Compliance, Dell, Inc.)

Get Involved

Involvement in the development of SAMM is actively encouraged!

You do not have to be a security expert in order to contribute.

Some of the ways you can help:

Please use the GitHub Issues for feedback:

  • What do you like?
  • What don’t you like?
  • How can we make SAMM easier to use?
  • How could SAMM be improved?

Help us translate!

Are you fluent in another language? Can you help translate SAMM into that language?

You can use Crowdin to do that!

Call for SAMM Sponsors

OWASP SAMM, now in its v2 release, is the open source software security maturity model used by IT, application, and software security technologists to develop secure software.

We are seeking sponsors to support OWASP SAMM. All proceeds from the sponsorship support the mission of the OWASP Foundation and the further development of SAMM. Supporting the project drives the funding for research grants, SAMM hosting, tools, templates, documents, promotion, and more.

By sponsoring SAMM, you not only support an important flagship OWASP project, but you also gain visibility during the next SAMM User Conference and recognition on the OWASP SAMM website and in the next releases of SAMM.

For more information: Contact [email protected]

Project Sponsors