Our mission is to provide an effective and measurable way for you to analyze and improve your secure development lifecycle. SAMM supports the complete software lifecycle and is technology and process agnostic. We built SAMM to be evolutive and risk-driven in nature, as there is no single recipe that works for all organizations.
Check out the OWASP SAMM v2 model online:
Get OWASP SAMM news delivered to your mailbox
Join us on the OWASP SAMM project Slack channel
Join our monthly calls
The Software Assurance Maturity Model (SAMM) is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization. SAMM helps you:
Dell uses OWASP’s Software Assurance Maturity Model (OWASP SAMM) to help focus our resources and determine which components of our secure application development program to prioritize. (Michael J. Craigue, Information Security & Compliance, Dell, Inc.)
Involvement in the development of SAMM is actively encouraged!
You do not have to be a security expert in order to help out.
We have written some guidelines on our OWASP SAMM website on how you can contribute to SAMM.
Please use the GitHub Issues for feedback:
Are you fluent in another language? Can you help translate SAMM into that language?
You can use Crowdin to do that!
OWASP SAMM, including the SAMM v2 release, is the open source software security maturity model used to develop secure software for IT, application and software security technologists.
We are seeking sponsors to support OWASP SAMM. All proceeds from the sponsorship support the mission of the OWASP Foundation and the further development of SAMM. Supporting the project drives the funding for research grants, SAMM hosting, tools, templates, documents, promotion, and more.
By sponsoring SAMM, you not only support an important and flagship OWASP project, you will also get visibility during the next SAMM User Conference and recognition on the OWASP SAMM web site and the next releases of SAMM.
For more information: Contact [email protected]
The OWASP® Foundation works to improve the security of software through its community-led open source software projects, hundreds of chapters worldwide, tens of thousands of members, and by hosting local and global conferences.