

25 August 2011 12:00 – 13:30


Deloitte, 550 Bourke St, Melbourne VIC 3000. The building is located between William St and King St.

Room Location: Floor 10 – get directed by reception

Please ask about OWASP at reception and they will direct you to the right room.

Something to keep in mind: the button panel for the lifts is actually outside the lift, in the foyer. Select floor 10.


Pravir Chandra


The Software Assurance Maturity Model (OpenSAMM)

The Software Assurance Maturity Model (SAMM) is a flexible and prescriptive framework for building security into a software development organization. Covering more than typical SDLC-based models for security, SAMM enables organisations to self-assess their security assurance program and then use recommended roadmaps to improve in a way that's aligned to the specific risks facing the organization. Beyond that, SAMM enables creation of scorecards for an organisation's effectiveness at secure software development throughout the typical governance, development, and deployment business functions. Scorecards also enable management within an organization to demonstrate quantitative improvements through iterations of building a security assurance program. This workshop will introduce the SAMM framework and walk through useful activities such as assessing an assurance program, mapping an existing organization to a recommended roadmap, and iteratively building an assurance program. Time allowing, additional case studies will also be discussed. SAMM is an open and free project and has recently been added under the Open Web Application Security Project (OWASP).

About the speaker

Pravir Chandra is Director of Strategic Services at Fortify, an HP company, where he leads software security assurance programs for Fortune 500 clients in a variety of verticals. He is responsible for standing up the most comprehensive and measurably effective programs in existence today. Creator and leader of the Open Software Assurance Maturity Model (OpenSAMM) project, Pravir also works extensively with OWASP and on other open projects to promote effective application security practices. As a thought leader in the security field for over 10 years, Pravir has written many articles, whitepapers, and books and is routinely invited to speak at businesses and conferences world-wide.

Hope to see you all there.