Software Assurance Maturity Model

SAMM provides an effective and measurable way for all types of organizations to analyze and improve their software security posture.

WATCH ON YOUTUBE


Watch the SAMM User Day Barcelona presentations
on our YouTube channel.

User Day page SAMM Presentations on YouTube

Getting started

Are you new to SAMM? We’ll walk you through the first steps to get you going.

SAMM assessment

Analyze your security posture using our maturity measurement tool.

Benchmark

Where is your organization on the map? Contribute. Be a part of SAMM.

SAMM Fundamentals Course

A free, self-paced course to get you started with SAMM

Visit the SAMM Fundamentals Course page

From our blog

Be an OWASP SAMM contributor and tell us about your experience using our maturity model in guest articles. Get in touch with us to share your SAMM story.

Read more

Introducing the SAMM Benchmark Report

By The SAMM Project Team on May 7, 2025

Unlocking New Insights in Application Security The world of software security evolves rapidly, with new challenges and best practices emerging every day. For organizations striving to build robust application security programs, the ability to compare practices and measure progress against industry peers is invaluable. This is where the SAMM Benchmark Report steps in—a comprehensive analysis based on real-world data that provides actionable insights into the current state of application security maturity.

Continue reading

Read more

Enabling teams with the OWASP SAMM Skills Framework

By The SAMM Project Team on February 9, 2025

Introduction Picture this: your team is tasked with building secure, compliant software, but you’re not sure where to begin and who to involve. In today’s cloud-driven world, even solid security plans can stall if teams don’t know what tasks they own or believe they do not have the right skills to get started. Across teams, many organizations lack a clear view on ownership and shared responsibilities, whether they work with company internal service providers or external public service providers.

Continue reading

Read more

SAMM Scoring: Percent to Target and Progress to Date Metrics

By Aram Hovsepyan on January 21, 2025

SAMM Scoring: Percent to Target and Progress to Date Metrics Introduction: the “not applicable” answer A common question among SAMM users is whether specific activities, streams, or entire practices can be marked as not applicable. This seems reasonable—some security activities might not fit an organization’s current reality. For example, the Supplier Security stream focuses on supply-chain risks in outsourced development. If your organization doesn’t outsource, it might seem irrelevant. The SAMM core team acknowledges this, but emphasizes future readiness.

Continue reading

Read more

Microsoft SDL and OWASP SAMM Mapping: A Comprehensive Analysis

By Aram Hovsepyan on January 20, 2025

Microsoft SDL and OWASP SAMM Mapping: A Comprehensive Analysis Introduction The Microsoft Security Development Lifecycle (SDL) was introduced in 2004 as Microsoft’s response to the security challenges that plagued its Windows operating system. As the first formal secure SDLC framework, it laid the foundation for many secure software development practices. Today in its latest version, Microsoft SDL comprises 10 security practices, each containing a set of requirements designed to reduce security risks across the software development lifecycle.

Continue reading

Get SAMM news delivered to you

Our Sponsors

Software powers the world, but insecure software threatens safety, trust, and economic growth.
Your support powers SAMM and helps us achieve our mission.

GOLD SPONSORS

codific

SILVER SPONSORS

checkmarx concord microfocus minded security ncc group pwc security innovation splunk Toreon

Find out about sponsorship