Terms and Conditions
1. Introduction
Welcome to the OWASP SAMM Benchmark data collection platform. These Terms and Conditions govern your use of our platform, including the collection, storage, and processing of data from OWASP SAMM assessments and related metadata. By accessing or using the platform, you agree to comply with and be bound by these terms in full. If you disagree with any part of these terms, please do not use our platform.
2. Data Collection
We collect the following types of data:
- Results from OWASP SAMM assessments
- Metadata associated with the assessments
Importantly, we do not collect interview notes, so that we avoid capturing potentially sensitive information.
3. Data Use
The data we collect is used for research purposes. The OWASP SAMM Core Team uses this data to share insights on SAMM usage, to drive the development of the core model, and to provide additional guidance. Furthermore, the OWASP SAMM Core Team may grant access to the raw, anonymized data to third-party researchers. Any such data sharing will be governed by a separate “Data Transfer and Use Agreement”, which will reflect the promises and commitments made in these Terms and Conditions.
4. Data Retention
There isn’t a fixed retention period for the data submitted. While data may age and eventually be excluded from certain reports over time, it will remain part of the dataset unless specifically requested for removal. The OWASP SAMM Core Team reserves the right to remove data upon request from the original submitter (practitioner) or if fraudulent activity is suspected.
5. User’s Rights
Submitting practitioners or companies reserve the right to:
- access their submitted data
- amend any inaccuracies in their data
- withdraw their consent
- request deletion of their data
- raise objections regarding data processing
6. Changes to Terms
We reserve the right to modify these terms periodically. We recommend checking this page regularly for any updates or changes.
7. Jurisdiction
These terms shall be construed and enforced in accordance with and governed by the laws of the Commonwealth of Massachusetts without giving effect to the principles of conflicts of laws thereof.