OWASP SAMMwise

At the SAMM Core Team Summit, 22-25 March, the team decided that maintenance and further development of the SAMMwise SAMM assessment tool would not be supported within the scope of the SAMM Project.

This project is intended to facilitate maintenance and enhancements of the SAMMwise tool, independently of the SAMM model against which assessments are performed.

The original SAMMwise tool was donated to OWASP by Datacom (NZ) in 2022, with its codebase added to the owaspsamm GitHub repository. It’s a JavaScript single-page web application, intended to execute in the user’s browser.

Road Map

The SAMMwise tool donated to OWASP in 2022 was a minimum viable product (MVP) release, developed by a small team at Datacom (NZ) over a few weeks.

The first phase of the project will entail updating the MVP application, to produce a reliable Version 1.0 application with the same functionality, but will existing known issues (functional bugs and security findings) resolved.

The second phase will focus on enhancing the application, to support viewing assessment trends across several points in time (roadmap milestones), and implementing Benchmark submission functionality.

The third phase will entail creating an ‘enterprise’ dashboard, allowing an organisation’s users to browse the full set of stored assessments, filter and sort them by various criteria (name, date, overall “SAMM Score,” status, etc.), and creating basic visualizations combining results from two or more assessments.