OWASP SAMM Project

= Main = 

{| style="padding: 0;margin:0;margin-top:10px;text-align:left;"
|-
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

The Software Assurance Maturity Model (SAMM) is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization. SAMM helps you:
 * Evaluate an organization’s existing software security practices
 * Build a balanced software security assurance program in well-defined iterations
 * Demonstrate concrete improvements to a security assurance program
 * Define and measure security-related activities throughout an organization



"Dell uses OWASP’s Software Assurance Maturity Model (OpenSAMM) to help focus our resources and determine which components of our secure application development program to prioritize." (Michael J. Craigue, Information Security & Compliance, Dell, Inc.)

Want a very quick introduction? See the TBD - Quickstart Guide

For a slightly longer introduction see the latest project presentation.

Browse the SAMM model online here


| valign="top" style="padding-left:25px;width:200px;" |

Quick Download
Download OWASP SAMM!

News and Events
Please see the News and Talks tabs

Change Log

 * TBD

Email List
Questions? Please ask on the SAMM Mailing List

Project Leaders
 * Seba Deleersnyder
 * Pravir Chandra
 * Kuai Hinojosa
 * Bart De Win

Classifications

|}

= Talks =

= News =

= Supporters =

SAMM is developed and maintained by a worldwide team of volunteers.

But we have also been helped by many organizations, either financially or by encouraging their employees to work on SAMM:


 * OWASP
 * TBD

= Browse Online =

Click on any badge to learn more

= Languages =

SAMM is available in the following languages:


 * English
 * Spanish
 * Japanese
 * German

You can use Crowdin to help improve these translations or add new ones right now!

= Roadmap =

The project roadmap is available via this link

Release 1.1
The major features we are currently working on include:
 * Add quick start guide
 * Add tools & OWASP resources
 * Add use cases, experience
 * Revamp SAMM wiki

The date and exact items that will be included in 2.0 have not been finalized. The list of requested improvements is here

= Get Involved =

Involvement in the development of SAMM is actively encouraged!

You do not have to be a security expert in order to contribute.

Some of the ways you can help:

Feature Requests
TBD

Feedback
Please use the Mailing List for feedback:
 * What do you like?
 * What don't you like?
 * How can we make SAMM easier to use?
 * How could SAMM be improved?

Localization
Are you fluent in another language? Can you help translate SAMM into that language?

You can use Crowdin to do that!

Development
If you fancy having a go at adding functionality to ZAP then please get in touch via the zaproxy-develop Google Group.

Again, you do not have to be a security expert to contribute code. Working on ZAP could be a great way to learn more about web application security!

If you actively contribute to ZAP then you will be invited to join the project.

= Project Sponsors =

Acknowledgements
We would like to thank the following sponsors who donated funds to our project:

https://www.owasp.org/images/d/d6/Veracode-samm.png