USER DAY SAN FRANCISCO


Thank you all for an exciting event!

Check out the day's highlights
on our User Day page.

SAMM Fundamentals Course

A free, self-paced course to get you started with SAMM

Visit the SAMM Fundamentals Course page

From our blog

Be an OWASP SAMM contributor and tell us about your experience using our maturity model in guest articles. Get in touch with us to share your SAMM story.

SAMM BSIMM Mapping

By Aram Hovsepyan, Maxim Baele on December 10, 2024

Building Security In Maturity Model (BSIMM) Mapped to OWASP SAMM The full mapping sheet between BSIMM 14 and OWASP SAMM. Introduction The Building Security In Maturity Model (BSIMM) and OWASP Software Assurance Maturity Model (SAMM) share a unique history. Both were conceived around 2008-2009, during the early days of structured application security maturity frameworks. Over time, however, these two models have evolved independently, with distinct conceptual differences. We have previously explored these differences in detail (reference).

Continue reading

OWASP SAMM now connects to OpenCRE

By The SAMM Project Team on September 20, 2023

We are excited to announce that each OWASP-SAMM stream now uses OpenCRE.org to link to other standards and guidelines. OpenCRE stands for Open Common Requirement Enumeration, and it aims to provide a common language and framework for mapping and comparing different security standards, guidelines, and frameworks. By linking SAMM to OpenCRE, we’ve made it easier for our users to find relevant and useful resources with every stream, as well as to see how SAMM aligns with other security standards such as NIST SSDF, ISO27K, PCI-DSS, OWASP ASVS, and NIST 800-53.

Continue reading

Determining scope when implementing SAMM

By The SAMM Project Team on May 24, 2023

When performing a SAMM assessment, should the scope be the whole organization or should it be smaller, like a business unit or even a single team or application? The short answer? Start small. Getting started Start by evaluating your goals. What do you want to achieve? Do you aim to identify and prioritize areas of improvement in your organization’s security posture? Do you seek to establish a baseline for measuring the effectiveness of your security program over time?

Continue reading

How ISO and SAMM complement each other

By The SAMM Project Team on March 21, 2023

October 2022 brought us the third revision of the ISO/IEC 27001 standard. The revisions included simplifying the domains and controls, using more practical language, and introducing new controls. The addition of a separate control for “Secure Coding.” provides an opportunity to highlight how OWASP SAMM and ISO 27001 are complementary standards. In this blog post, we shine light on how they intersect and how, implemented together, you can maximize their effectiveness and value.

Continue reading

Get SAMM news delivered to you

Our Sponsors

Software powers the world, but insecure software threatens safety, trust, and economic growth.
Your support powers SAMM and helps us achieve our mission.

GOLD SPONSORS

codific

SILVER SPONSORS

checkmarx concord indelible microfocus minded security ncc group pwc security innovation splunk Toreon

Find out about sponsorship