SAMM Fundamentals Course

A free, self-paced course to get you started with SAMM

Visit the SAMM Fundamentals Course page

From our blog

Be an OWASP SAMM contributor and tell us about your experience using our maturity model in guest articles. Get in touch with us to share your SAMM story.

CRA Compliance with OWASP SAMM

By The SAMM Project Team on February 27, 2026

An introduction to the CRA

The Cyber Resilience Act (CRA) is a European regulation that introduces cybersecurity requirements as part of CE marking for products that are placed on the European market after the 11th of December 2027. Most of you will be familiar with the “CE” mark, a label indicating that the product to which it is affixed is compliant with relevant EU legislation, and may therefore be sold anywhere in the European Economic Area (EEA) without having to import it into each European country separately.


Navigating the AI Frontier: How OWASP SAMM Secures the Next Generation of Software

By The SAMM Project Team on January 20, 2026

A recent episode of the SAMM Podcast, featuring SAMM Core Team members Sebastien Deleersnyder (Seba) and Nariman Aga-Tagiyev with Bart De Win as host, explored a critical question: As organizations rapidly adopt AI and build AI-powered applications, how does the OWASP Software Assurance Maturity Model (SAMM) apply to securing this new frontier? Here is a look into the discussion on the current applicability of SAMM, the unique risks of AI, and the model’s path forward.


Introducing the SAMM Benchmark Report

By The SAMM Project Team on May 7, 2025

Unlocking New Insights in Application Security

The world of software security evolves rapidly, with new challenges and best practices emerging every day. For organizations striving to build robust application security programs, the ability to compare practices and measure progress against industry peers is invaluable. This is where the SAMM Benchmark Report steps in—a comprehensive analysis based on real-world data that provides actionable insights into the current state of application security maturity.


Enabling teams with the OWASP SAMM Skills Framework

By The SAMM Project Team on February 9, 2025

Introduction

Picture this: your team is tasked with building secure, compliant software, but you’re not sure where to begin and who to involve. In today’s cloud-driven world, even solid security plans can stall if teams don’t know what tasks they own or believe they do not have the right skills to get started. Across teams, many organizations lack a clear view of ownership and shared responsibilities, whether they work with company-internal service providers or external public service providers.



Our Sponsors

Software powers the world, but insecure software threatens safety, trust, and economic growth.
Your support powers SAMM and helps us achieve our mission.

GOLD SPONSORS

codific

SILVER SPONSORS

checkmarx microfocus minded security ncc group pwc SafeStack security innovation splunk Toreon
