OWASP SAMM Project
Questions? Please ask on the SAMM Mailing List
The foundation of the model is built upon the core business functions of software development, with security practices tied to each (see diagram below). The building blocks of the model are the three maturity levels defined for each of the twelve security practices. These define a wide variety of activities in which an organization could engage to reduce security risks and increase software assurance. Additional details are included to measure successful activity performance, understand the associated assurance benefits, and estimate personnel and other costs.
Diagram (security practice badges): Strategy & Metrics, Policy & Compliance, Education & Guidance
Download SAMM v1.0:
- in English - PDF, English - XML
- in Spanish - PDF, Spanish - XML
- in Japanese - PDF, not available as XML
- Recent OWASP SAMM 1-Day training slide deck delivered by Bart De Win and Sebastien Deleersnyder at AppSec Europe 2014 in Cambridge
- BSIMM-V mapping to SAMM activities:
In 2015 we organized our first OWASP SAMM Summit in Dublin on 27-28 March; details here.
- 28 Mar 2015 - https://docs.google.com/document/d/1pC4har75olF1WPZaqRfXFG9T3SS_qoEUvHkEynE0iTI/edit
- Summit outcome is described here
"The SAMM summit provided an opportunity to breathe new life into a framework that I use to facilitate my day-to-day work and support my customers." Bruce C Jenkins, Fortify Security Lead, Hewlett-Packard Company
During the AppSec conferences, the SAMM project team organises workshops where you can influence the direction in which SAMM evolves.
This is also an excellent opportunity to exchange experiences with your peers.
If you plan on attending http://appsec.eu, be sure to get involved in the SAMM workshop (scheduled on Jun-23).
- The agenda for the SAMM Workshop in Cambridge on 23-Jun-2014 is available here.
Previous workshop notes:
- The notes for the SAMM Workshop in New York on 21-Nov-2013 are available here.
- The notes for the SAMM Workshop in Hamburg on 21-Aug-2013 are available here.
This project has produced a book that can be downloaded or purchased.
Feel free to browse the full catalog of available OWASP books.