This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP SAMM Project"

From OWASP
Jump to: navigation, search
m (Minor updates to bring information current)
 
(40 intermediate revisions by 4 users not shown)
Line 3: Line 3:
  
 
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
 
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |
+
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |
  
 
<div style="font-size:120%;border:none;margin: 0;color:#000">
 
<div style="font-size:120%;border:none;margin: 0;color:#000">
  
'''OWASP SAMM v1.5 available in the downloads section!''' (Announcement Coming)
+
'''Join us at the Open Security Summit next June'''<br>
 +
We have a dedicated [https://opensecuritysummit.org/tracks/owasp-samm/ SAMM track] at the upcoming Open Security Summit (supported by OWASP)!<br>
 +
You can register for on-site or remote participation [https://opensecuritysummit.org/tickets/ here].<br>
 +
 
 +
'''OWASP SAMMv2 beta released for community review'''<br>
 +
We are very proud to announce a new version of SAMM!<br>
 +
Check it out on our new website: https://owaspsamm.org/.<br>
 +
Please, read our notes on how to provide [https://owaspsamm.org/v2.0b/feedback/ feedback].
 +
 
 +
'''OWASP SAMM v1.5 available in the downloads section!'''<br>
 +
We are now working on the Beta release of OWASP SAMMv2, our work in progress is available [https://owaspsamm.org online on our new web site]. <br>
 +
 
 +
'''Join our monthly calls'''
 +
* The monthly call is on each 2nd Wednesday of the month at 21h30 CEST / 3:30pm EST. <br>
 +
* Please join our GoToMeeting: https://global.gotomeeting.com/join/262891661 <br>
 +
* The call is open for everybody interested in SAMM or who wants to work on SAMM. <br>
 +
 
 +
'''Join us on the OWASP SAMM project Slack channel'''
 +
* Join our project slack channel on https://owasp.slack.com/messages/C0VF1EJGH
 +
* If you do not have an OWASP Slack workspace account yet, contact one of our project leaders to get an invite link.
 +
 
 +
'''2019 OWASP SAMM Summit (3-7 JUNE 2019, Bedford, UK)'''
 +
* Join our 2019 OWASP SAMM Summit at Woburn Forest, Bedfordshire as part of the [https://open-security-summit.org/ Open Security Summit].
 +
* We will organize working sessions in a 5-day sprint to draft SAMM v2.0.
 +
* Register online [https://open-security-summit.org/tickets/ here]
 +
* Sponsor the SAMM2, more details [https://www.owasp.org/index.php/OWASP_SAMM_Project#tab=Project_Sponsors here]
  
 
The Software Assurance Maturity Model (SAMM) is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization. SAMM helps you:
 
The Software Assurance Maturity Model (SAMM) is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization. SAMM helps you:
Line 23: Line 48:
 
{{Social Media Links}}
 
{{Social Media Links}}
  
| valign="top" style="padding-left:25px;width:200px;" |
+
| valign="top" style="padding-left:25px;width:200px;" |
  
 
== Quick Download v1.5 ==
 
== Quick Download v1.5 ==
[https://www.owasp.org/images/8/8d/OWASP_SAMM_v1.5.zip All SAMM v1.5 files (.zip)] <br>
+
[https://github.com/OWASP/samm/raw/master/Supporting%20Resources/v1.5/Final/OWASP_SAMM_v1.5.zip All SAMM v1.5 files (.zip)] <br>
[https://www.owasp.org/images/6/6f/SAMM_Core_V1-5_FINAL.pdf SAMM Core Model] <br>
+
[https://github.com/OWASP/samm/raw/master/Supporting%20Resources/v1.5/Final/SAMM_Core_V1-5_FINAL.pdf SAMM Core Model] <br>
[https://www.owasp.org/images/3/30/SAMM_How_To_V1-5_FINAL.pdf How-To Guide] <br>
+
[https://github.com/OWASP/samm/raw/master/Supporting%20Resources/v1.5/Final/SAMM_How_To_V1-5_FINAL.pdf How-To Guide] <br>
[https://www.owasp.org/images/1/18/SAMM_Quick_Start_V1-5_FINAL.pdf Quick Start Guide] <br>
+
[https://github.com/OWASP/samm/raw/master/Supporting%20Resources/v1.5/Final/SAMM_Quick_Start_V1-5_FINAL.pdf Quick Start Guide] <br>
[https://www.owasp.org/images/9/98/SAMM_Assessment_Toolbox_v1.5_FINAL.xlsx SAMM Toolbox] <br>
+
[https://github.com/OWASP/samm/raw/master/Supporting%20Resources/v1.5/Final/SAMM_Assessment_Toolbox_v1.5_FINAL.xlsx SAMM Toolbox] <br>
[https://www.owasp.org/images/8/84/SAMM_Assessment_Toolbox_v1.5-Example_FINAL.xlsx SAMM Toolbox Example] <br>
+
[https://github.com/OWASP/samm/raw/master/Supporting%20Resources/v1.5/Final/SAMM_Assessment_Toolbox_v1.5-Example_FINAL.xlsx SAMM Toolbox Example] <br>
 
[https://github.com/OWASP/samm/ OWASP SAMM on GitHub]
 
[https://github.com/OWASP/samm/ OWASP SAMM on GitHub]
  
 
== Quick Download v1.1.1 ==
 
== Quick Download v1.1.1 ==
  
[https://www.owasp.org/images/e/ec/SAMM_Core_V1-1-Final-1page.pdf SAMM Core Model]<br>
+
[https://github.com/OWASP/samm/raw/master/Supporting%20Resources/v1.1/Final/SAMM_Core_V1-1-Final-1page.pdf SAMM Core Model]<br>
[https://www.owasp.org/images/2/2c/SAMM_How_To_V1-1-Final-1page.pdf How-To Guide] <br>
+
[https://github.com/OWASP/samm/raw/master/Supporting%20Resources/v1.1/Final/SAMM_How_To_V1-1-Final-1page.pdf How-To Guide] <br>
[https://www.owasp.org/images/8/89/SAMM_Quick_Start_V1-1-Final-1page.pdf Quick-Start Guide] <br>
+
[https://github.com/OWASP/samm/raw/master/Supporting%20Resources/v1.1/Final/SAMM_Quick_Start_V1-1-Final-1page.pdf Quick-Start Guide] <br>
[https://www.owasp.org/images/e/e3/OpenSAMM_Assessment_Toolbox_v1-1-1-Final.xlsx Updated SAMM Tool Box]<br>
+
[https://github.com/OWASP/samm/raw/master/Supporting%20Resources/v1.1/Final/SAMM_Assessment_Toolbox_v1-1-Final.xlsx Updated SAMM Tool Box]<br>
 
[https://github.com/OWASP/samm OWASP SAMM on GitHub]
 
[https://github.com/OWASP/samm OWASP SAMM on GitHub]
  
Line 46: Line 71:
  
 
== Change Log ==
 
== Change Log ==
* OWASP SAMM v1.5 Released! (Feb 28, 2017)
+
* OWASP SAMM v1.5 Released! ([http://www.prnewswire.com/news-releases/owasp-samm-v15-helps-organizations-improve-their-security-posture-300439237.html Press Release])
 
* OWASP SAMM v1.1 Released! ([http://www.prnewswire.com/news-releases/owasp-releases-software-assurance-maturity-model-samm-version-11-for-improving-software-security-300236836.html Press Release])
 
* OWASP SAMM v1.1 Released! ([http://www.prnewswire.com/news-releases/owasp-releases-software-assurance-maturity-model-samm-version-11-for-improving-software-security-300236836.html Press Release])
 
* OpenSAMM v1.1 RC - [http://lists.owasp.org/pipermail/samm/2015-December/000758.html available for review]
 
* OpenSAMM v1.1 RC - [http://lists.owasp.org/pipermail/samm/2015-December/000758.html available for review]
Line 56: Line 81:
 
== Project Leaders ==
 
== Project Leaders ==
  
[https://www.owasp.org/index.php/User:Sdeleersnyder Seba Deleersnyder] <br/>  [https://www.owasp.org/index.php/User:Bart_De_Win Bart De Win] <br/> [https://www.owasp.org/index.php/User:Brianglas Brian Glas]
+
[https://www.owasp.org/index.php/User:Sdeleersnyder Seba Deleersnyder] <br />  [https://www.owasp.org/index.php/User:Bart_De_Win Bart De Win]
  
 
== Related Projects ==
 
== Related Projects ==
Line 67: Line 92:
 
   {| width="200" cellpadding="2"
 
   {| width="200" cellpadding="2"
 
   |-
 
   |-
   | align="center" valign="top" rowspan="2" width="50%" | [[File:Owasp-flagship-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Flagship_Projects]]
+
   | rowspan="2" align="center" valign="top" width="50%" | [[File:Owasp-flagship-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Flagship_Projects]]
   | align="center" valign="center" width="50%"| [[File:Owasp-defenders-small.png|link=]]
+
   | align="center" valign="center" width="50%" | [[File:Owasp-defenders-small.png|link=]]
 
   |
 
   |
 
   |-
 
   |-
   | align="center" valign="center" width="50%"| [[File:Owasp-builders-small.png|link=]]   
+
   | align="center" valign="center" width="50%" | [[File:Owasp-builders-small.png|link=]]   
 
   |-
 
   |-
   | colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
+
   | colspan="2" align="center" | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
 
   |-
 
   |-
   | colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]
+
   | colspan="2" align="center" | [[File:Project_Type_Files_DOC.jpg|link=]]
 
   |}
 
   |}
  
Line 92: Line 117:
 
|[https://www.owasp.org/index.php/SAMM_-_Governance https://www.owasp.org/images/f/f7/G.png]
 
|[https://www.owasp.org/index.php/SAMM_-_Governance https://www.owasp.org/images/f/f7/G.png]
 
|-
 
|-
|align="center"|'''Strategy & Metrics'''
+
| align="center" |'''Strategy & Metrics'''
 
|{{SAMM-BadgeList|name=Strategy_&_Metrics|abbr=SM|padding=0}}
 
|{{SAMM-BadgeList|name=Strategy_&_Metrics|abbr=SM|padding=0}}
 
|-
 
|-
|align="center"|'''Policy & Compliance'''
+
| align="center" |'''Policy & Compliance'''
 
|{{SAMM-BadgeList|name=Policy_&_Compliance|abbr=PC|padding=0}}
 
|{{SAMM-BadgeList|name=Policy_&_Compliance|abbr=PC|padding=0}}
 
|-
 
|-
|align="center"|'''Education & Guidance'''
+
| align="center" |'''Education & Guidance'''
 
|{{SAMM-BadgeList|name=Education_&_Guidance|abbr=EG|padding=0}}
 
|{{SAMM-BadgeList|name=Education_&_Guidance|abbr=EG|padding=0}}
 
|-
 
|-
 
|[https://www.owasp.org/index.php/SAMM_-_Construction https://www.owasp.org/images/e/ee/C.png]
 
|[https://www.owasp.org/index.php/SAMM_-_Construction https://www.owasp.org/images/e/ee/C.png]
 
|-
 
|-
|align="center"|'''Threat Assessment'''
+
| align="center" |'''Threat Assessment'''
 
|{{SAMM-BadgeList|name=Threat_Assessment|abbr=TA|padding=0}}
 
|{{SAMM-BadgeList|name=Threat_Assessment|abbr=TA|padding=0}}
 
|-
 
|-
|align="center"|'''Security Requirements'''
+
| align="center" |'''Security Requirements'''
 
|{{SAMM-BadgeList|name=Security_Requirements|abbr=SR|padding=0}}
 
|{{SAMM-BadgeList|name=Security_Requirements|abbr=SR|padding=0}}
 
|-
 
|-
|align="center"|'''Secure Architecture'''
+
| align="center" |'''Secure Architecture'''
 
|{{SAMM-BadgeList|name=Secure_Architecture|abbr=SA|padding=0}}
 
|{{SAMM-BadgeList|name=Secure_Architecture|abbr=SA|padding=0}}
 
|-
 
|-
 
|[https://www.owasp.org/index.php/SAMM_-_Verification https://www.owasp.org/images/8/83/V.png]
 
|[https://www.owasp.org/index.php/SAMM_-_Verification https://www.owasp.org/images/8/83/V.png]
 
|-
 
|-
|align="center"|'''Design Review'''
+
| align="center" |'''Design Review'''
 
|{{SAMM-BadgeList|name=Design_Review|abbr=DR|padding=0}}
 
|{{SAMM-BadgeList|name=Design_Review|abbr=DR|padding=0}}
 
|-
 
|-
|align="center"|'''Code Review'''
+
| align="center" |'''Code Review'''
 
|{{SAMM-BadgeList|name=Code_Review|abbr=CR|padding=0}}
 
|{{SAMM-BadgeList|name=Code_Review|abbr=CR|padding=0}}
 
|-
 
|-
|align="center"|'''Security Testing'''
+
| align="center" |'''Security Testing'''
 
|{{SAMM-BadgeList|name=Security_Testing|abbr=ST|padding=0}}
 
|{{SAMM-BadgeList|name=Security_Testing|abbr=ST|padding=0}}
 
|-
 
|-
 
|[https://www.owasp.org/index.php/SAMM_-_Deployment https://www.owasp.org/images/5/54/D.png]
 
|[https://www.owasp.org/index.php/SAMM_-_Deployment https://www.owasp.org/images/5/54/D.png]
 
|-
 
|-
|align="center"|'''Vulnerability Management'''
+
| align="center" |'''Vulnerability Management'''
 
|{{SAMM-BadgeList|name=Vulnerability_Management|abbr=VM|padding=0}}
 
|{{SAMM-BadgeList|name=Vulnerability_Management|abbr=VM|padding=0}}
 
|-
 
|-
|align="center"|'''Environment Hardening'''
+
| align="center" |'''Environment Hardening'''
 
|{{SAMM-BadgeList|name=Environment_Hardening|abbr=EH|padding=0}}
 
|{{SAMM-BadgeList|name=Environment_Hardening|abbr=EH|padding=0}}
 
|-
 
|-
|align="center"|'''Operational Enablement'''
+
| align="center" |'''Operational Enablement'''
 
|{{SAMM-BadgeList|name=Operational_Enablement|abbr=OE|padding=0}}
 
|{{SAMM-BadgeList|name=Operational_Enablement|abbr=OE|padding=0}}
 
|-
 
|-
Line 141: Line 166:
  
 
Download SAMM v1.5
 
Download SAMM v1.5
* [https://www.owasp.org/images/8/8d/OWASP_SAMM_v1.5.zip All SAMM v1.5 files (.zip)] Zip file containing all the v1.5 files below;
+
* [https://github.com/OWASP/samm/blob/master/v1.5/Final/OWASP_SAMM_v1.5.zip All SAMM v1.5 files (.zip)] Zip file containing all the v1.5 files below;
* [https://www.owasp.org/images/6/6f/SAMM_Core_V1-5_FINAL.pdf SAMM Core Model] document, explaining the maturity model;
+
* [https://github.com/OWASP/samm/blob/master/v1.5/Final/SAMM_Core_V1-5_FINAL.pdf SAMM Core Model] document, explaining the maturity model;
* [https://www.owasp.org/images/3/30/SAMM_How_To_V1-5_FINAL.pdf How-To Guide] with implementation guidance;
+
* [https://github.com/OWASP/samm/blob/master/v1.5/Final/SAMM_How_To_V1-5_FINAL.pdf How-To Guide] with implementation guidance;
* [https://www.owasp.org/images/1/18/SAMM_Quick_Start_V1-5_FINAL.pdf Quick-Start Guide] with different steps to improve your secure software practice;
+
* [https://github.com/OWASP/samm/blob/master/v1.5/Final/SAMM_Quick_Start_V1-5_FINAL.pdf Quick-Start Guide] with different steps to improve your secure software practice;
* [https://www.owasp.org/images/9/98/SAMM_Assessment_Toolbox_v1.5_FINAL.xlsx SAMM Toolbox] to perform SAMM assessments and create SAMM roadmaps;
+
* [https://github.com/OWASP/samm/blob/master/v1.5/Final/SAMM_Assessment_Toolbox_v1.5_FINAL.xlsx SAMM Toolbox] to perform SAMM assessments and create SAMM roadmaps;
* [https://www.owasp.org/images/8/84/SAMM_Assessment_Toolbox_v1.5-Example_FINAL.xlsx SAMM Tool Box Example] to provide an example SAMM assessment;
+
* [https://github.com/OWASP/samm/blob/master/v1.5/Final/SAMM_Assessment_Toolbox_v1.5-Example_FINAL.xlsx SAMM Tool Box Example] to provide an example SAMM assessment;
  
 
Download SAMM v1.1
 
Download SAMM v1.1
* [https://www.owasp.org/images/d/d8/OpenSAMM_Core_V1-1-Final.pdf SAMM Core Model] document, explaining the maturity model;
+
* [https://github.com/OWASP/samm/blob/master/v1.1/Final/SAMM_Core_V1-1-Final.pdf SAMM Core Model] document, explaining the maturity model;
* [https://www.owasp.org/images/a/a7/OpenSAMM_How_To_V1-1-Final.pdf How-To Guide] with implementation guidance;
+
* [https://github.com/OWASP/samm/blob/master/v1.1/Final/SAMM_How_To_V1-1-Final.pdf How-To Guide] with implementation guidance;
* [https://www.owasp.org/images/3/3f/OpenSAMM_Quick_Start_V1-1-Final.pdf Quick-Start Guide] with different steps to improve your secure software practice;
+
* [https://github.com/OWASP/samm/blob/master/v1.1/Final/SAMM_Quick_Start_V1-1-Final.pdf Quick-Start Guide] with different steps to improve your secure software practice;
* [https://www.owasp.org/images/b/b9/OpenSAMM_Assessment_Toolbox_v1-1-Final.xlsx Updated SAMM Tool Box] to perform SAMM assessments and create SAMM roadmaps;
+
* [https://github.com/OWASP/samm/blob/master/v1.1/Final/SAMM_Assessment_Toolbox_v1-1-Final.xlsx Updated SAMM Tool Box] to perform SAMM assessments and create SAMM roadmaps;
  
 
Download OpenSAMM v1.0:
 
Download OpenSAMM v1.0:
Line 158: Line 183:
 
* in [https://www.owasp.org/images/a/a9/SAMM-1.0-es_MX.pdf Spanish - PDF], [https://www.owasp.org/images/a/a1/SAMM-1.0-es_MX-0.3.xml.zip Spanish - XML]
 
* in [https://www.owasp.org/images/a/a9/SAMM-1.0-es_MX.pdf Spanish - PDF], [https://www.owasp.org/images/a/a1/SAMM-1.0-es_MX-0.3.xml.zip Spanish - XML]
 
* in [https://www.owasp.org/images/a/a9/SAMM-1.0-ja_JP.pdf Japanese - PDF], not available as XML
 
* in [https://www.owasp.org/images/a/a9/SAMM-1.0-ja_JP.pdf Japanese - PDF], not available as XML
 +
* in [https://www.owasp.org/images/f/fd/SAMM-1.0-cn.pdf Chinese - PDF], not available as XML
  
  
Line 172: Line 198:
 
Assessments:
 
Assessments:
 
* SAMM v1.5 Toolbox
 
* SAMM v1.5 Toolbox
** Download the new v1.5 Toolbox with the updated scoring model [https://www.owasp.org/images/9/98/SAMM_Assessment_Toolbox_v1.5_FINAL.xlsx SAMM v1.5 Toolbox]
+
** Download the new v1.5 Toolbox with the updated scoring model [https://github.com/OWASP/samm/blob/master/v1.5/Final/SAMM_Assessment_Toolbox_v1.5_FINAL.xlsx SAMM v1.5 Toolbox]
* SAMM v1.1 RC1 toolbox
+
* SAMM v1.1 Toolbox
** download the latest toolbox, including the updated questions [https://github.com/OWASP/opensamm/blob/master/v1.1/OpenSAMM_Assessment_Toolbox_v1-1-RC.xlsx here]
+
** download the v1.1 toolbox, including the updated questions [https://github.com/OWASP/samm/blob/master/v1.1/Final/SAMM_Assessment_Toolbox_v1-1-Final.xlsx here]
 
* Assessment Interview Template by Nick Coblentz for SAMM V1.0
 
* Assessment Interview Template by Nick Coblentz for SAMM V1.0
 
** This [https://www.owasp.org/images/c/cf/20090607-SAMMAssessmentInterviewTemplate-1.0.xls spreadsheet] breaks down the assessment questionnaire from the SAMM framework into assertion statements that can be used to drive assessment interviews.
 
** This [https://www.owasp.org/images/c/cf/20090607-SAMMAssessmentInterviewTemplate-1.0.xls spreadsheet] breaks down the assessment questionnaire from the SAMM framework into assertion statements that can be used to drive assessment interviews.
Line 207: Line 233:
  
 
[[Image:OwaspSAMM.png|right]]
 
[[Image:OwaspSAMM.png|right]]
 +
 +
'''Join us at the Open Security Summit next June'''<br>
 +
We have a dedicated [https://opensecuritysummit.org/tracks/owasp-samm/ SAMM track] at the upcoming Open Security Summit (supported by OWASP)!<br>
 +
You can register for on-site or remote participation [https://opensecuritysummit.org/tickets/ here].<br>
 +
 +
We organised a core team summit in November 2018 in Minneapolis, check out the results [https://github.com/OWASP/samm/blob/master/Supporting%20Resources/v2.0/summit-201810-Minneapolis/Summit-outcomes.md here].
  
 
In 2016 we organized our second OWASP SAMM Summit in New York on 20-21 April, details [https://www.owasp.org/index.php/OWASP_SAMM_Summit_2016 >here<] !!
 
In 2016 we organized our second OWASP SAMM Summit in New York on 20-21 April, details [https://www.owasp.org/index.php/OWASP_SAMM_Summit_2016 >here<] !!
Line 237: Line 269:
 
[[Image:OwaspSAMM.png|right]]
 
[[Image:OwaspSAMM.png|right]]
 
<div style="font-size:120%;border:none;margin: 0;color:#000">
 
<div style="font-size:120%;border:none;margin: 0;color:#000">
{{:Projects/OWASP SAMM Project/Pages/Talks | Talks}}
+
Upcoming talks featuring SAMM are listed here:
 +
 
 +
* OWASP DC - Software Assurance Maturity Model (SAMM) with Brian Glas! (2017-03-15)
 +
* OWASP NoVA - SAMM 1.5, what's changed and how it impacts you (2017-03-16)
 +
* InfoSec World - Software Assurance Maturity Model Evolutions (2017-04-03)
  
 +
past talks:
 +
 +
* OWASP SAMM v1.5 Webinar - Brian Glas discussing the SAMM model and changes in v1.5 (watch - [https://www.youtube.com/watch?v=4pKdwRb8fTI youtube]) - 2017
 +
* OWASP 24/7 - Seba Deleersnyder discussing the upcoming SAMM Summit (listen - [https://soundcloud.com/owasp-podcast/seba-deleersnyder-discusses-samm-software-assurance-maturity-model-summit-in-dublin-ireland here]) - 2015
 +
* OWASP Germany Day 2014: Seba Deleersnyder: OpenSAMM Best Practices: Lessons from the Trenches (download [https://www.owasp.org/images/f/fa/OpenSAMM_Best_Practices_Lessons_from_the_Trenches_-_Seba_Deleersnyder.pdf presentation]) - 2014
 +
* AppSecEU14: Seba Deleersnyder & Bart De Win: OpenSAMM Best Practices: Lessons from the Trenches OpenSAMM Best Practices: Lessons from the Trenches (download [https://www.owasp.org/images/6/6f/OpenSAMM_-_AppSecEU_2014_-_Seba-Bart_v20140528.pptx presentation], see [https://www.youtube.com/watch?v=qcCgeBeBLUg video]) - 2014
 +
* AppSecEU13 - Hamburg: Seba Deleersnyder presenting a project update (download [https://www.owasp.org/images/3/32/OpenSAMM_-_Project_Status_-_Hamburg_2013.pdf presentation]) - 2013
 +
* OWASP Europe Tour 2013 - Geneva: Seba Deleersnyder presenting OpenSAMM and the renewed project  (download [https://www.owasp.org/images/c/cd/OpenSAMM_-_OWASP_Tour_13_Talk_-_Seba.pptx presentation]) - 2013
 +
* AppSecEU11 - Athens: Colin Watson presenting SAMM Training (download [https://www.owasp.org/images/1/18/Owasp-training-samm-greece.pdf presentation]) - 2011
 +
* AppSecEU09: Pravir Chandra presenting OpenSAMM v1.0 (download [https://www.owasp.org/images/4/49/AppSecEU09_OpenSAMM-1.0.ppt presentation]) - 2009
 +
* Matt Bartoldus presentation on new SAMM project during OWASP London chapter (download [https://www.owasp.org/images/d/df/OpenSAMM.pdf presentation]) - 2009
 +
* Pravir Chandra - first presentation discussing the next generation to the CLASP Project- a complete working of the details into a Software Assurance Maturity Model (SAMM). (download [https://www.owasp.org/images/2/2e/OWASP_CLASP_SAMM.ppt presentation]) - 2009
  
 
</div>
 
</div>
Line 245: Line 293:
 
[[Image:OwaspSAMM.png|right]]
 
[[Image:OwaspSAMM.png|right]]
 
<div style="font-size:120%;border:none;margin: 0;color:#000">
 
<div style="font-size:120%;border:none;margin: 0;color:#000">
{{:Projects/OWASP SAMM Project/Pages/News | News}}
+
 
 +
Latest News on SAMM
 +
* OWASP SAMM v2.0 workshop at the OWASP Project Summit June 2017
 +
* OWASP SAMM v1.5 Released!
 +
* SAMM Summit 2016 read the [https://docs.google.com/document/d/19_LC1euR7ZuazRYgeblhPE1Fv6E8N56Bu8zANq2JB30/edit wrap-up here]
 +
* OWASP SAMM v1.1 Released! See the [http://www.prnewswire.com/news-releases/owasp-releases-software-assurance-maturity-model-samm-version-11-for-improving-software-security-300236836.html Press Release].
 +
* OpenSAMM v1.1 RC - [http://lists.owasp.org/pipermail/samm/2015-December/000758.html available for review]
  
 
</div>
 
</div>
Line 258: Line 312:
 
* Spanish
 
* Spanish
 
* Japanese
 
* Japanese
 +
* Chinese
  
 
Carlos Allendes created a presentation in Spanish on SAMM during the 2011 LatAm tour, download the [https://www.owasp.org/images/c/cf/05_OWASP_LatamTur2011_OpenSAMM.pdf presentation].
 
Carlos Allendes created a presentation in Spanish on SAMM during the 2011 LatAm tour, download the [https://www.owasp.org/images/c/cf/05_OWASP_LatamTur2011_OpenSAMM.pdf presentation].
Line 320: Line 375:
  
 
<div style="font-size:120%;border:none;margin: 0;color:#000">
 
<div style="font-size:120%;border:none;margin: 0;color:#000">
 +
 +
SAMM is developed and maintained by a worldwide team of volunteers. We have also been helped by many organizations, either financially or by encouraging their employees to work on SAMM.
  
 
==SAMM Adopters==
 
==SAMM Adopters==
Current list of [https://www.owasp.org/index.php/OpenSAMM_Adopters OpenSAMM adopters]
+
SAMM is the premier open source software assurance framework. You can find a list of [https://www.owasp.org/index.php/OpenSAMM_Adopters SAMM adopters] online.
 +
 
 +
==Call for SAMM2 Sponsors==
 +
OWASP SAMM and the upcoming SAMM 2.0 release is the open source software security maturity model used to develop secure software for IT, application and software security technologists.
  
 +
We are seeking sponsors to support OWASP SAMM. All proceeds from the sponsorship support the mission of the OWASP Foundation and the further development of SAMM. Supporting the project drives the funding for research grants, SAMM hosting, tools, templates, documents, promotion, and more.
  
SAMM is developed and maintained by a worldwide team of volunteers.
+
By sponsoring SAMM, you not only support an important and flagship OWASP project, you will also get visibility during the next SAMM Summit (part of the [https://open-security-summit.org/ Open Security Summit 2019]) and recognition on the OWASP SAMM [https://owaspsamm.org/ web site] and the next release of SAMM (version 2.0).
  
But we have also been helped by many organizations, either financially or by encouraging their employees to work on SAMM:
+
For more information: Contact [mailto:seba@owasp.org seba@owasp.org]
  
 
==== Acknowledgements ====
 
==== Acknowledgements ====
 +
 
We would like to thank the following sponsors who donated funds to our project:
 
We would like to thank the following sponsors who donated funds to our project:
  
 
+
[[File:Imageedit_15_5335623074.png|frameless]][[File:Fortify blue 800px.png|250px|link=https://www.microfocus.com/en-us/solutions/application-security]][[File:1280px-NCC Group logo.svg.png|frameless]][[File:Splunk copy.png|frameless]]  
[[File:Belgium_Chapter.PNG|250px|link=https://www.owasp.org/index.php/Belgium]]
 
[[File:London_Chapter.PNG|250px|link=https://www.owasp.org/index.php/London]]
 
 
 
[[File:Aspectsecurity.png|250px|link=http://www.aspectsecurity.com]]
 
[[File:Astech_Consulting_logo.png|250px|link=http://www.astechconsulting.com/]]
 
[[File:Denim_Group_logo.jpg|250px|link=http://www.denimgroup.com/]]  
 
[[File:Gotham_Digital_Science_logo.jpg|250px|link=http://www.gdssecurity.com/]]
 
 
 
{{MemberLinksv2|link=http://www.hpenterprisesecurity.com|logo=HP_Blue_RGB_150_SM.png|size=300px90px}}
 
[[File:NetSPI_logo.png|250px|link=http://www.netspi.com/]]
 
[[Image:PwC_logo_4colourprint_(2)_Resized_good_one.jpg|150px|link=http://www.pwc.com]]
 
[[File:SI_Logo_Stacked_Application_Security.jpg|250px|link=http://www.securityinnovation.com/]]
 
[[File:LogoToreon.jpg|250px|link=http://www.toreon.com]]  
 
[[File:Veracode-samm.png|250px|link=http://www.veracode.com]]  
 
  
  
__NOTOC__ <headertabs />
+
__NOTOC__ <headertabs></headertabs>
  
<br/>
+
<br />
 
{{OWASP Book|6888083}}
 
{{OWASP Book|6888083}}
<br/>
+
<br />
  
[[Category:OWASP_Project|Zed Attack Proxy Project]]
+
[[Category:OWASP Project|Zed Attack Proxy Project]]
 
[[Category:OWASP_Tool]]
 
[[Category:OWASP_Tool]]
[[Category:OWASP_Release_Quality_Tool|OWASP Release Quality Tool]]
+
[[Category:OWASP Release Quality Tool|OWASP Release Quality Tool]]
 
[[Category:OWASP_Download]]
 
[[Category:OWASP_Download]]
 
[[Category:Popular]]
 
[[Category:Popular]]

Latest revision as of 06:42, 10 May 2019

Flagship big.jpg

Join us at the Open Security Summit next June
We have a dedicated SAMM track at the upcoming Open Security Summit (supported by OWASP)!
You can register for on-site or remote participation here.

OWASP SAMMv2 beta released for community review
We are very proud to announce a new version of SAMM!
Check it out on our new website: https://owaspsamm.org/.
Please, read our notes on how to provide feedback.

OWASP SAMM v1.5 available in the downloads section!
We are now working on the Beta release of OWASP SAMMv2, our work in progress is available online on our new web site.

Join our monthly calls

  • The monthly call is on each 2nd Wednesday of the month at 21h30 CEST / 3:30pm EST.
  • Please join our GoToMeeting: https://global.gotomeeting.com/join/262891661
  • The call is open for everybody interested in SAMM or who wants to work on SAMM.

Join us on the OWASP SAMM project Slack channel

2019 OWASP SAMM Summit (3-7 JUNE 2019, Bedford, UK)

  • Join our 2019 OWASP SAMM Summit at Woburn Forest, Bedfordshire as part of the Open Security Summit.
  • We will organize working sessions in a 5-day sprint to draft SAMM v2.0.
  • Register online here
  • Sponsor the SAMM2, more details here

The Software Assurance Maturity Model (SAMM) is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization. SAMM helps you:

  • Evaluate an organization’s existing software security practices
  • Build a balanced software security assurance program in well-defined iterations
  • Demonstrate concrete improvements to a security assurance program
  • Define and measure security-related activities throughout an organization


Dell uses OWASP’s Software Assurance Maturity Model (Owasp SAMM) to help focus our resources and determine which components of our secure application development program to prioritize., (Michael J. Craigue, Information Security & Compliance, Dell, Inc.)

Follow OWASP SAMM on twitter: @owaspsamm


Share this:  E-mail this story Bookmark with Facebook Share on Digg.com Share on delicious Share on reddit.com Share on stumbleupon.com Share on LinkedIn.com Share on twitter.com Seed on Newsvine

Quick Download v1.5

All SAMM v1.5 files (.zip)
SAMM Core Model
How-To Guide
Quick Start Guide
SAMM Toolbox
SAMM Toolbox Example
OWASP SAMM on GitHub

Quick Download v1.1.1

SAMM Core Model
How-To Guide
Quick-Start Guide
Updated SAMM Tool Box
OWASP SAMM on GitHub

News and Events

Please see the News and Talks tabs

Change Log

Email List

Questions? Please ask on the SAMM Mailing List

Project Leaders

Seba Deleersnyder
Bart De Win

Related Projects


Classifications

Owasp-flagship-trans-85.png Owasp-defenders-small.png
Owasp-builders-small.png
Cc-button-y-sa-small.png
Project Type Files DOC.jpg


OWASP Books logo.png This project has produced a book that can be downloaded or purchased.
Feel free to browse the full catalog of available OWASP books.

Retrieved from "https://wiki.owasp.org/index.php?title=OWASP_SAMM_Project&oldid=251306"