Thank you!

The first 2021 User Day live event might be over
but you can still watch all the talks.

Do you want to see more?

We have prepared a list of upcoming SAMM events and trainings.

Check SAMM events

From our blog

Be an OWASP SAMM contributor and tell us about your experience using our maturity model in guest articles. Get in touch with us to share your SAMM story.

Towards a well-governed SAMM Suite

By The SAMM Project Team on March 23, 2021

Improving the velocity of OWASP SAMM Some years back, SAMM was a typical old school documentation project. Creation of all the documents was a purely manual and error-prone process. We fought a very complicated manual build procedure of the project PDF which only a few people knew how to deal with. Already fixed errors kept reappearing and it was hard to know who actually had the latest version in their mailbox.

Continue reading


By The SAMM Project Team on February 9, 2021

What happened in 2020? This was a special year but still a lot happened for SAMM. The team worked hard to continue delivering and adding value for our users. New version, new website, new ways of getting together In 2020 we launched OWASP SAMM v2.0, more than 10 years after OpenSAMM v1.0 was launched on March 25th, 2009 by Pravir Chandra. Throughout 2020 we developed and released a new website and promoted the launch of SAMM v2.

Continue reading

Comparing BSIMM & SAMM

By Brian Glas on October 29, 2020

Building Security In Maturity Model (BSIMM) compared to Software Assurance Maturity Model (SAMM) A common origin BSIMM (Building Security In Maturity Model) and SAMM (Software Assurance Maturity Model) have similar origins dating back to a common origin back in 2008-2009. I’m frequently asked about what is similar and what is different between the two models, so I wrote up this comparison to help organizations understand which of these two models may be a better fit for their needs.

Continue reading

SAMM is doing CI/CD

By The SAMM Project Team on March 31, 2020

What version 2 brought along A significant change that happened behind the scenes for SAMM 2.0 was the addition of a CI/CD pipeline, the automated version of all the steps we need to deliver SAMM. It has enhanced our productivity, providing standardization and enabling faster iterations. At the core of Continuous Integration and Continuous Delivery are speed of delivery, reliability, and visibility. This process encourages frequent updates, allows quick fixes, and ensures a set of checks before deployment.

Continue reading

Get SAMM news delivered to you

Our Sponsors

Software powers the world, but insecure software threatens safety, trust, and economic growth.
Your support powers SAMM and helps us achieve our mission.

checkmarx concord indelible microfocus minded security ncc group pwc security innovation splunk toreon

Find out about sponsorship