This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
OWASP SAMM Project
The Software Assurance Maturity Model (SAMM) is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization. SAMM helps you:
Want a very quick introduction? See the TBD - Quickstart Guide For a slightly longer introduction see the latest project presentation. Browse the SAMM model online here
|
Quick DownloadNews and EventsPlease see the News and Talks tabs Change Log
Email ListQuestions? Please ask on the SAMM Mailing List Project LeadersProject Leaders Related Projects
Classifications
|
upcoming talks will be listed here:
- OWASP DC - Software Assurance Maturity Model (SAMM) with Brian Glas! (2017-03-15)
- OWASP NoVA - SAMM 1.5, what's changed and how it impacts you (2017-03-16)
- InfoSec World - Software Assurance Maturity Model Evolutions (2017-04-03)
past talks:
- OWASP 24/7 - Seba Deleersnyder discussing the upcoming SAMM Summit (listen - here) - 2015
- OWASP Germany Day 2014: Seba Deleersnyder: OpenSAMM Best Practices: Lessons from the Trenches (download presentation) - 2014
- AppSecEU14: Seba Deleersnyder & Bart De Win: OpenSAMM Best Practices: Lessons from the Trenches OpenSAMM Best Practices: Lessons from the Trenches (download presentation, see video) - 2014
- AppSecEU13 - Hamburg: Seba Deleersnyder presenting a project update (download presentation) - 2013
- OWASP Europe Tour 2013 - Geneva: Seba Deleersnyder presenting OpenSAMM and the renewed project (download presentation) - 2013
- AppSecEU11 - Athens: Colin Watson presenting SAMM Training (download presentation) - 2011
- AppSecEU09: Pravir Chandra presenting OpenSAMM v1.0 (download presentation) - 2009
- Matt Bartoldus presentation on new SAMM project during OWASP London chapter (download presentation) - 2009
- Pravir Chandra - first presentation discussing the next generation to the CLASP Project- a complete working of the details into a Software Assurance Maturity Model (SAMM). (download presentation) - 2009
Latest News on SAMM
- SAMM Summit 2016 read the wrap-up here
- OWASP SAMM v1.1 Released! See the Press Release.
- OpenSAMM v1.1 RC - available for review
SAMM is developed and maintained by a worldwide team of volunteers.
But we have also been helped by many organizations, either financially or by encouraging their employees to work on SAMM:
- OWASP
- TBD
SAMM is available in the following languages:
- English
- Spanish
- Japanese
- German
You can use Crowdin to help improve these translations or add new ones right now!
Project Roadmap:
Is available via this link
Release 1.1
The major features we are currently working on include:
- Add quick start guide
- Add tools & OWASP resources
- Add use cases, experience
- Revamp SAMM wiki
The date and exact items that will be included in 2.0 have not been finalized. The list of requested improvements is here
Involvement in the development of SAMM is actively encouraged!
You do not have to be a security expert in order to contribute.
Some of the ways you can help:
Feature Requests
TBD
Feedback
Please use the Mailing List for feedback:
- What do like?
- What don't you like?
- How can we make SAMM easier to use?
- How could SAMM be improved?
Localization
Are you fluent in another language? Can you help translate SAMM into that language?
You can use Crowdin to do that!
Development
If you fancy having a go at adding functionality to ZAP then please get in touch via the zaproxy-develop Google Group.
Again, you do not have to be a security expert to contribute code - working on ZAP could be great way to learn more about web application security!
If you actively contribute to ZAP then you will be invited to join the project.