Measuring your software assurance posture

The SAMM assessment toolbox lets you measure the maturity of your software assurance practices. Review your security activities against defined quality criteria and calculate your maturity score.

We suggest reading our Quick Start Guide before you begin.

Self-assessment

Your first step towards improvement is to measure where you are now. Start with a self-assessment to get an overview of the status of software security activities in your organization. You can also run a self-assessment together with other people involved in your software development process.

Read the Assessment Guide before you start.

We have two versions of the SAMM Toolbox:

Once you download the SAMM Toolbox, open the “Interview” tab. You will see a list of questions for each of the activities in the SAMM Model. Each question has a set of quality criteria listed beneath it. Evaluate whether these criteria are met. If they are not completely fulfilled, answer “No”. If they are met, choose any of the other options. As you fill in the questions, the Scorecard tab updates automatically with your current maturity score.

Online assessment

SAMMwise allows you to self-host an online assessment tool.

SAMMY is a third-party tool by Codific, one of our sponsors, that also supports online SAMM assessments.

Next steps

Based on your assessment, you can set targets for improvement and use the Toolbox to create and track your own SAMM roadmap.

We encourage you to share your SAMM assessment data with our Benchmark initiative. Once we have enough data available, you can start to compare yourself with your peers.