OWASP SAMM Project
- Browse Online
- Tools & Templates
- Get Involved
- Project Sponsors
News and Events
Questions? Please ask on the SAMM Mailing List
The foundation of the model is built upon the core business functions of software development with security practices tied to each (see diagram below). The building blocks of the model are the three maturity levels defined for each of the twelve security practices. These define a wide variety of activities in which an organization could engage to reduce security risks and increase software assurance. Additional details are included to measure successful activity performance, understand the associated assurance benefits, estimate personnel and other costs.
Click on any badge to learn more
|Strategy & Metrics||
|Policy & Compliance||
|Education & Guidance||
- Recent OWASP SAMM 1-Day training slide deck delivered by Bart De Win and Sebastien Deleersnyder at AppSec Europe 2014 in Cambridge
- BSIMM-V mapping to SAMM activities:
In 2015 we organized our the first OWASP SAMM Summit in Dublin on 27-28 March, details >here< !!
| This project has produced a book that can be downloaded or purchased.|
Feel free to browse the full catalog of available OWASP books.