Software Assurance Maturity Model

SAMM provides an effective and measurable way for all types of organizations to analyze and improve their software security posture.

SAMM V2 is here!

This release is a big one for the project team.
We're proud to finally share it and extremely grateful to the SAMM community.

Read our latest blog post

Getting started

Are you new to SAMM? We’ll walk you through the first steps to get you going.

SAMM assessment

Analyze your security posture using our maturity measurement tool.

Benchmarking

Where is your organization on the map? Contribute. Be a part of SAMM.

Do you want to see more?

We have prepared a list of upcoming SAMM events and trainings.

Check SAMM events

From our blog

Be an OWASP SAMM contributor and tell us about your experience using our maturity model in guest articles. Get in touch with us to share your SAMM story.

Read more

OWASP SAMM version 2 - public release

By The SAMM Project Team on January 31, 2020

After three years of preparation, our SAMM project team has delivered version 2 of SAMM! OWASP SAMM (Software Assurance Maturity Model) is the OWASP framework to help organizations assess, formulate, and implement, through our self-assessment model, a strategy for software security they can be integrated into their existing Software Development Lifecycle (SDLC). The new SAMM v2 consists of the following components: The SAMM Model overview and introduction, explaining the maturity model in detail A Quick-start Guide with different steps to improve your secure software practice An updated SAMM Toolbox to perform SAMM assessments and create SAMM roadmaps A new SAMM Benchmark initiative to compare your maturity and progress with other similar organizations and teams What’s changed with SAMM v2?

Continue reading

Read more

SAMM V2 community release

By The SAMM Project Team on December 20, 2019

SAMM v2 community launch! After three years of preparation, our SAMM project team has delivered release 2 of SAMM! First, we’re releasing SAMM v2 to the OWASP community and then plan our public release for mid-January 2020. We value your feedback and questions. To contribute, do one of the following, in decreasing order of preference: add issues to our SAMM Github repository Complete the Google form per issue Start a discussion on our #project-samm Slack channel on OWASP.

Continue reading

Read more

V2 Toolkit

on September 3, 2019

Call for feedback on new toolkit As part of our work towards OWASP SAMM V2 we’ve updated our toolbox. This beta version contains the list of new questions and quality criteria that make up our measurement model. All feedback is welcome. Try it out and get back to us. We’d love to hear your thoughts!

Continue reading

Read more

Open Security Summit 2019

on July 10, 2019

SAMM track, an overview and commentary of the event The Open Security Summit 2019 focused on the collaboration between Developers and Application Security and was organised with the support of OWASP. The 5-day sprint on SAMMv2 enabled attendees to work and collaborate intensively towards specific Application Security challenges with a focus on actionable outcomes. In addition to specific Maturity Models sessions, a large number of OWASP SAMM Working Sessions took place at the Summit.

Continue reading

Get SAMM news delivered to you

Our Sponsors

Software powers the world, but insecure software threatens safety, trust, and economic growth.
Your support powers SAMM and helps us achieve our mission.

concord microfocus nccgroup pwc splunk toreon

Find out about sponsorship