This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
OpenSAMM Adopters
From OWASP
List of Organizations Using OpenSAMM
Organization Name | Contact | Role | Organization Type (*) | Region | Testimonial |
---|---|---|---|---|---|
Dell, Inc. | Michael J. Craigue | Information Security & Compliance | Technology | US | OWASP.org is a valuable resource for any company involved with online payment card transactions. Dell uses OWASP’s Software Assurance Maturity Model (OpenSAMM) to help focus our resources and determine which components of our secure application development program to prioritize. Participation in OWASP’s local chapter meetings and conferences around the globe helps us build stronger networks with our colleagues. |
KBC | Johan Jacobs | ICT Department Head | Banking | Europe | - |
Gotham Digital Science | Matt Bartoldus | Co-Founder & Director | Security services | Global | SAMM has defined the building blocks for effective software security assurance… Our clients can use the model to see what needs to be done and what skills and resources are needed to do the job. Best of all, businesses can use SAMM to quantify results and improvements by assessing practices against SAMM activities. |
Fortify Software | Brian Chess | Founder & Chief Scientist | Security services | Global | These days people understand that security has to be built in–it can’t be bolted on. But for many a big question remains: what does it take to build secure software? SAMM tackles that question head on with a framework for creating and growing a software security initiative. SAMM has focused the way I think about the human side of the software security problem. |
ING Insurance International | Rob Moes | IT Security Manager | Insurance | Europe | Within ING Insurance International we adopted SAMM as it is a practical standard which provides guidance to build an Secure Application Development organization in clear and distinctive steps. |
ISG | Christian Heinrich | Application Security Manager | Health | Australia | ISG has integrated both OpenSAMM and BSIMM to measure security improvement over time in addition to our overall measurement of the "Capability Maturity Model for Software Development" published by Carnegie Mellon University". |
SITA (http://www.sita.aero) |
Dave Ockwell-Jenner | VP Product Security | Air Transport ITC | Global | Our organization initiated it's software security program in response to the changing threat landscape in our industry. We adopted SAMM as the primary framework to plan, design, and drive implementation across our global software development organization. Combined with governance, training and an evolutionary approach to implementation (courtesy of SAMM) we have seen an approximate 75% increase in maturity and corresponding drop in potential security defects over the course of the program. Secure Software Development is now business-as-usual!. |
HP (http://www.hp.com) |
Brian Hanson | Senior Security Architect | IT services | Global | When it came to evaluating product development environments, HP’s scale and density presented a tough challenge for us. OpenSAMM has proved to be an invaluable tool to baseline our current SDL maturity and measure onward improvements. Importantly, we are able to easily demonstrate our current capability level vis-à-vis industry standards and provide compelling business cases for our future investment portfolio. |
RES Software (http://res.com/) |
Jacco van Tuijl | Security Architect | software vendor/ development | Global | OpenSAMM helped us implementing secure software development life cycle step-by-step. The available content and tools saved us a lot of time.' |
Toreon (http://www.toreon.com) |
Sebastien Deleersnyder | Managing Partner | IT services | Global | We regularly use OWASP SAMM to create software security roadmaps for our customers |
TwelveSec (http://www.TwelveSec.com) |
Koukouras Yiannis | Managing Director | IT Services | Europe | OpenSAMM is the default framework we use in order to strengthen the Secure SDLC process of our customers in a systematic and measurable fashion. It is the best available option to embed security controls in an existing SDLC process regardless of the followed methodology (RUP, Scrum etc.), the volume of the project, the size and the risk profile of the target organisation. Moreover, it can smoothly integrate with other resources provided by OWASP, like ASVS, Secure Coding Standard, Top 10 proactive controls, SKF, Testing Guide etc. delivering a holistic approach to realize the Secure-by-Default concept. |
UniSystems S.A. (http://www.unisystems.eu) |
Andreas Athanasoulias | Information Security Officer & Services Team Leader | Systems Integrator & Software House | Europe | UniSystems has integrated the OpenSAMM framework into its certified by ISO 27001:2013 Information Security Management System (ISMS) and adopts it throughout the development lifecycle. |
Trasys Greece (http://www.trasys.gr) |
Angelos Moschovinos | Country Manager | IT Services | Europe | - |
<Fill in Organisation Name> | <Fill in Contact First Name, Family Name> | <Fill in Contact role in the organisation> | <Fill in Organisation Type: Government, Finance, Healthcare, ...> | <Fill in Region: Continent, Country> | <Fill in Contact Testimonial - OPTIONAL> |