Software Assurance Maturity Model

SAMM provides an effective and measurable way for all types of organizations to analyze and improve their software security posture.

Getting started

Are you new to SAMM? We’ll walk you through the first steps to get you going.

SAMM assessment

Analyze your security posture using our maturity measurement tool.

Benchmarking

Where is your organization on the map? Contribute. Be a part of SAMM.

SAMM PDF

We have created a PDF version of the SAMM model.

View SAMM PDF

From our blog

Be an OWASP SAMM contributor and tell us about your experience using our maturity model in guest articles. Get in touch with us to share your SAMM story.

Read more

Introducing SAMM Practitioners

By The SAMM Project Team on December 5, 2022

Why SAMM Practitioners? We want to adopt OWASP SAMM 2.0 at my workplace. Can you recommend a company to help us do this? SAMM team members get asked this a lot through the different channels of communication like our Slack channel and the contact form on the website. Obviously, we know many companies, organizations, and individuals who can do this. We are a community-driven project and a number of volunteers have contributed to SAMM so it wasn’t an easy answer for us to provide.

Continue reading

Read more

Addressing Log4J vulnerabilities with SAMM

By The SAMM Project Team on February 7, 2022

It’s that dreaded notification. The one that holds the threat, and later the reality, of many sleepless nights. The newest vulnerability is here and its severity is considered critical. This Log4J vulnerability (CVE-2021-44228) has caused quite the stir, and rightfully so. It’s kept security peeps on our toes for the last few months so it was interesting to see this topic come up during our last SAMM monthly community call.

Continue reading

Read more

OWASP SAMM Train the Trainer

By The SAMM Project Team on November 30, 2021

Expanding awareness of OWASP SAMM To introduce new users to the OWASP Software Assurance Maturity Model (SAMM), the SAMM project team has presented their one-day overview training class several times each year. These classes often run in conjunction with OWASP’s global and regional conference events. The instructors for that training class - currently titled “Secure Your SDLC using OWASP SAMM - ASAP!” - have usually been the project’s leaders, Sebastien (Seba) Deleersnyder and Bart de Win, or other SAMM team members.

Continue reading

Read more

Towards a well-governed SAMM Suite

By The SAMM Project Team on March 23, 2021

Improving the velocity of OWASP SAMM Some years back, SAMM was a typical old school documentation project. Creation of all the documents was a purely manual and error-prone process. We fought a very complicated manual build procedure of the project PDF which only a few people knew how to deal with. Already fixed errors kept reappearing and it was hard to know who actually had the latest version in their mailbox.

Continue reading

Get SAMM news delivered to you

Our Sponsors

Software powers the world, but insecure software threatens safety, trust, and economic growth.
Your support powers SAMM and helps us achieve our mission.

checkmarx codific concord indelible microfocus minded security ncc group pwc security innovation splunk toreon

Find out about sponsorship