
OpenSAMM Adopters

Revision as of 09:49, 17 April 2017 by Sdeleersnyder (talk | contribs)


List of Organizations Using OpenSAMM

| Organization Name | Contact | Role | Organization Type (*) | Region | Testimonial |
|---|---|---|---|---|---|
| Dell, Inc. | Michael J. Craigue | Information Security & Compliance | Technology | US | is a valuable resource for any company involved with online payment card transactions. Dell uses OWASP’s Software Assurance Maturity Model (OpenSAMM) to help focus our resources and determine which components of our secure application development program to prioritize. Participation in OWASP’s local chapter meetings and conferences around the globe helps us build stronger networks with our colleagues. |
| KBC | Johan Jacobs | ICT Department Head | Banking | Europe | - |
| Gotham Digital Science | Matt Bartoldus | Co-Founder & Director | Security services | Global | SAMM has defined the building blocks for effective software security assurance… Our clients can use the model to see what needs to be done and what skills and resources are needed to do the job. Best of all, businesses can use SAMM to quantify results and improvements by assessing practices against SAMM activities. |
| Fortify Software | Brian Chess | Founder & Chief Scientist | Security services | Global | These days people understand that security has to be built in–it can’t be bolted on. But for many a big question remains: what does it take to build secure software? SAMM tackles that question head on with a framework for creating and growing a software security initiative. SAMM has focused the way I think about the human side of the software security problem. |
| ING Insurance International | Rob Moes | IT Security Manager | Insurance | Europe | Within ING Insurance International we adopted SAMM as it is a practical standard which provides guidance to build a Secure Application Development organization in clear and distinctive steps. |
| ISG | Christian Heinrich | Application Security Manager | Health | Australia | ISG has integrated both OpenSAMM and BSIMM to measure security improvement over time in addition to our overall measurement of the "Capability Maturity Model for Software Development" published by Carnegie Mellon University. |
| | Dave Ockwell-Jenner | VP Product Security | Air Transport ITC | Global | Our organization initiated its software security program in response to the changing threat landscape in our industry. We adopted SAMM as the primary framework to plan, design, and drive implementation across our global software development organization. Combined with governance, training and an evolutionary approach to implementation (courtesy of SAMM) we have seen an approximate 75% increase in maturity and corresponding drop in potential security defects over the course of the program. Secure Software Development is now business-as-usual! |
| | Brian Hanson | Senior Security Architect | IT services | Global | When it came to evaluating product development environments, HP’s scale and density presented a tough challenge for us. OpenSAMM has proved to be an invaluable tool to baseline our current SDL maturity and measure onward improvements. Importantly, we are able to easily demonstrate our current capability level vis-à-vis industry standards and provide compelling business cases for our future investment portfolio. |
| RES Software | Jacco van Tuijl | Security Architect | software vendor/ development | Global | OpenSAMM helped us implement secure software development life cycle step-by-step. The available content and tools saved us a lot of time. |
| | Sebastien Deleersnyder | Managing Partner | IT services | Global | We regularly use OWASP SAMM to create software security roadmaps for our customers |
| | Koukouras Yiannis | Managing Director | IT Services | Europe | OpenSAMM is the default framework we use in order to strengthen the Secure SDLC process of our customers in a systematic and measurable fashion. It is the best available option to embed security controls in an existing SDLC process regardless of the followed methodology (RUP, Scrum etc.), the volume of the project, the size and the risk profile of the target organisation. Moreover, it can smoothly integrate with other resources provided by OWASP, like ASVS, Secure Coding Standard, Top 10 proactive controls, SKF, Testing Guide etc. delivering a holistic approach to realize the Secure-by-Default concept. |
| UniSystems S.A. | Andreas Athanasoulias | Information Security Officer & Services Team Leader | Systems Integrator & Software House | Europe | UniSystems has integrated the OpenSAMM framework into its certified by ISO 27001:2013 Information Security Management System (ISMS) and adopts it throughout the development lifecycle. |
| Trasys Greece | Angelos Moschovinos | Country Manager | IT Services | Europe | - |