SAMM provides an effective and measurable way for all types of organizations to analyze and improve their software security posture.
Be an OWASP SAMM contributor and tell us about your experience using our maturity model in guest articles. Get in touch with us to share your SAMM story.
What happened in 2020? This was a special year but still a lot happened for SAMM. The team worked hard to continue delivering and adding value for our users. New version, new website, new ways of getting together In 2020 we launched OWASP SAMM v2.0, more than 10 years after OpenSAMM v1.0 was launched on March 25th, 2009 by Pravir Chandra. Throughout 2020 we developed and released a new website and promoted the launch of SAMM v2.
Building Security In Maturity Model (BSIMM) compared to Software Assurance Maturity Model (SAMM) A common origin BSIMM (Building Security In Maturity Model) and SAMM (Software Assurance Maturity Model) have similar origins dating back to a common origin back in 2008-2009. I’m frequently asked about what is similar and what is different between the two models, so I wrote up this comparison to help organizations understand which of these two models may be a better fit for their needs.
What version 2 brought along A significant change that happened behind the scenes for SAMM 2.0 was the addition of a CI/CD pipeline, the automated version of all the steps we need to deliver SAMM. It has enhanced our productivity, providing standardization and enabling faster iterations. At the core of Continuous Integration and Continuous Delivery are speed of delivery, reliability, and visibility. This process encourages frequent updates, allows quick fixes, and ensures a set of checks before deployment.
After three years of preparation, our SAMM project team has delivered version 2 of SAMM! OWASP SAMM (Software Assurance Maturity Model) is the OWASP framework to help organizations assess, formulate, and implement, through our self-assessment model, a strategy for software security they can integrate into their existing Software Development Lifecycle (SDLC). The new SAMM v2 consists of the following components: The SAMM Model overview and introduction, explaining the maturity model in detail A Quick-start Guide with different steps to improve your secure software practice An updated SAMM Toolbox to perform SAMM assessments and create SAMM roadmaps A new SAMM Benchmark initiative to compare your maturity and progress with other similar organizations and teams What’s changed with SAMM v2?
Software powers the world, but insecure software threatens safety, trust, and economic growth.Your support powers SAMM and helps us achieve our mission.
OWASP SAMM is published under the CC BY-SA 4.0 license and we share the OWASP Privacy Policy
Template by Bootstrapious. Ported to Hugo by DevCows
