Software Assurance Maturity Model

SAMM provides an effective and measurable way for all types of organizations to analyze and improve their software security posture.

Getting started

Are you new to SAMM? We’ll walk you through the first steps to get you going.

SAMM assessment

Analyze your security posture using our maturity measurement tool.

Benchmarking

Where is your organization on the map? Contribute. Be a part of SAMM.

SAMM PDF

We have created a PDF version of the SAMM model.

View SAMM PDF

From our blog

Be an OWASP SAMM contributor and tell us about your experience using our maturity model in guest articles. Get in touch with us to share your SAMM story.

Read more

How ISO and SAMM complement each other

By The SAMM Project Team on March 21, 2023

October 2022 brought us the third revision of the ISO/IEC 27001 standard. The revisions included simplifying the domains and controls, using more practical language, and introducing new controls. The addition of a separate control for “Secure Coding.” provides an opportunity to highlight how OWASP SAMM and ISO 27001 are complementary standards. In this blog post, we shine light on how they intersect and how, implemented together, you can maximize their effectiveness and value.

Continue reading

Read more

The "Not Applicable" Question

By The SAMM Project Team on February 28, 2023

The Core Team’s Thoughts Since the initial publication of SAMM 2.0, several SAMM users have asked how to address Activities or Quality Criteria they believe are not applicable to their assessment’s scope. At the recent SAMM Core Team Summit in Boston, we discussed this question at some length, and this article summarizes that conversation. The topic really involves several questions, which we’ll address one at a time. Is it valid to declare an Activity Not Applicable?

Continue reading

Read more

Tackling App Security with SAMM-NIST SSDF Mapping

By The SAMM Project Team on February 6, 2023

The Application Security Challenge The increasing dependence on software in our daily lives has made the challenge of ensuring its security more pressing. Despite being a critical concern, cybersecurity is often not a priority for organizations until there is an incident or breach. This has resulted in the cost of cyber insurance doubling in the past two years and the total cost of cybercrime in 2022 reaching $7 trillion .

Continue reading

Read more

Introducing SAMM Practitioners

By The SAMM Project Team on December 5, 2022

Why SAMM Practitioners? We want to adopt OWASP SAMM 2.0 at my workplace. Can you recommend a company to help us do this? SAMM team members get asked this a lot through the different channels of communication like our Slack channel and the contact form on the website. Obviously, we know many companies, organizations, and individuals who can do this. We are a community-driven project and a number of volunteers have contributed to SAMM so it wasn’t an easy answer for us to provide.

Continue reading

Get SAMM news delivered to you

Our Sponsors

Software powers the world, but insecure software threatens safety, trust, and economic growth.
Your support powers SAMM and helps us achieve our mission.

checkmarx codific concord indelible microfocus minded security ncc group pwc security innovation splunk toreon

Find out about sponsorship