The OWASP SAMM™ (Software Assurance Maturity Model) is a community-led open-sourced framework that allows teams and developers to assess, formulate, and implement strategies for better security which can be easily integrated into an existing organizational Software Development Lifecycle (SDLC).
Release v2 of SAMM has evolved to include automation while improving its alignment with development team workflows. This new release includes a Quick Start Guide, the SAMM ToolBox that performs assessments and creates roadmaps, and a new Benchmark Initiative that helps teams compare maturity and progress with like-organizations.
Using a single GitHub source, the SAMM team now automatically generates the Maturity Model that includes PDF documents, a website, along with the companion toolbox and applications. Model content has been converted to YAML files, improving automation while also allowing tools or other SAMM consumers to automatically use the model.
The new model supports maturity measurements both from coverage and quality perspectives. New quality criteria are added for all the activities. The latest version of SAMM v2 can be downloaded from https://owasp.org/www-project-samm.
Project co-leaders Seba Deleersnyder and Bart De Win said, “This is a really important release for the project team. After three years of preparation, the team, our SAMM community, and through the help of our sponsors we now have an effective and measurable way for all types of organizations to analyze and improve their software security posture.”
“For nearly twenty years our community continues to deliver some of the most useful and innovative tools that help developers and teams secure software,” said Mike McCamon executive director of OWASP. He continued, “Along with our other Flagship Projects including the forthcoming 2020 OWASP Top Ten, we congratulate the extended OWASP SAMM team on this release.”
The OWASP SAMM project would not be possible without our supporters, members and contributions from Brett Crawley, Brian Glas, Bruce Jenkins, Chris Cooper, Daniel Kefer, Hardik Parekh, John Dileo, John Ellingsworth, John Kennedy, Nessim Kisserli, Patricia Duarte, Sebastian Arriada and Yan Kravchenko. OWASP SAMM Project corporate supporters include Concord, Micro Focus Fortify, NCC Group, Toreon, PWC and Splunk.
About the OWASP Foundation
The Open Web Application Security Project (OWASP) is a nonprofit organization that works to improve the security of software. Through community-led open source software projects, hundreds of local chapters worldwide, tens of thousands of members, and leading educational and training conferences, the OWASP Foundation is the source for developers and technologists to secure the web. For nearly two decades corporations, foundations, developers, and volunteers have supported the OWASP Foundation and its work. To learn more or to become a member, visit https://owasp.org.
About OWASP SAMM
The OWASP SAMM community is powered by security knowledgeable volunteers from businesses and educational organizations. The global community works to create freely-available articles, methodologies, documentation, tools, and technologies. The latest version of SAMM can be downloaded from https://owasp.org/www-project-samm.
OWASP, Open Web Application Security Project, the OWASP logo, and OWASP SAMM are trademarks of the OWASP Foundation, Inc.