CRA Compliance with OWASP SAMM
The Cyber Resilience Act (CRA) is a European regulation that introduces cybersecurity requirements as part of CE marking for products that are placed on the …
13 minute read

Navigating the AI Frontier: How OWASP SAMM Secures the Next Generation of Software
A recent episode of the SAMM Podcast , featuring SAMM Core Team members Sebastien Deleersnyder (Seba) and Nariman Aga-Tagiyev with Bart De Win as host, explored …
4 minute read

Introducing the SAMM Benchmark Report
The world of software security evolves rapidly, with new challenges and best practices emerging every day. For organizations striving to build robust …
2 minute read

Enabling teams with the OWASP SAMM Skills Framework
Picture this: your team is tasked with building secure, compliant software, but you’re not sure where to begin and who to involve. In today’s cloud-driven …
5 minute read

SAMM Scoring: Percent to Target and Progress to Date Metrics
A common question among SAMM users is whether specific activities, streams, or entire practices can be marked as not applicable. This seems reasonable: some …
7 minute read

Microsoft SDL and OWASP SAMM Mapping: A Comprehensive Analysis
The Microsoft Security Development Lifecycle (SDL) was introduced in 2004 as Microsoft’s response to the security challenges that plagued its Windows operating …
5 minute read

SAMM BSIMM Mapping
The full mapping sheet between BSIMM 14 and OWASP SAMM.
5 minute read

OWASP SAMM now connects to OpenCRE
We are excited to announce that each OWASP-SAMM stream now uses OpenCRE.org to link to other standards and guidelines. OpenCRE stands for Open Common …
4 minute read

Determining scope when implementing SAMM
When performing a SAMM assessment, should the scope be the whole organization or something smaller, like a business unit or a single team? The short answer: …
1 minute read

How ISO and SAMM complement each other
October 2022 brought us the third revision of the ISO/IEC 27001 standard.
4 minute read

The "Not Applicable" Question
Since the initial publication of SAMM 2.0, several SAMM users have asked how to address Activities or Quality Criteria they believe are not applicable to their …
7 minute read

Tackling App Security with SAMM-NIST SSDF Mapping
The increasing dependence on software in our daily lives has made the challenge of ensuring its security more pressing. Despite being a critical concern, …
6 minute read

Introducing SAMM Practitioners
We want to adopt OWASP SAMM 2.0 at my workplace. Can you recommend a company to help us do this?
2 minute read

Addressing Log4J vulnerabilities with SAMM
It’s that dreaded notification. The one that holds the threat, and later the reality, of many sleepless nights. The newest vulnerability is here and its …
6 minute read

OWASP SAMM Train the Trainer
To introduce new users to the OWASP Software Assurance Maturity Model (SAMM), the SAMM project team has presented their one-day overview training class several …
3 minute read

Towards a well-governed SAMM Suite
Some years back, SAMM was a typical old school documentation project. Creation of all the documents was a purely manual and error-prone process. We fought a …
5 minute read

OWASP SAMM Roadmap
This was a special year but still a lot happened for SAMM. The team worked hard to continue delivering and adding value for our users. New version, new website, …
3 minute read

Comparing BSIMM & SAMM
BSIMM (Building Security In Maturity Model) and SAMM (Software Assurance Maturity Model) share a common origin dating back to 2008-2009. …
6 minute read

SAMM is doing CI/CD
A significant change that happened behind the scenes for SAMM 2.0 was the addition of a CI/CD pipeline, the automated version of all the steps we need to …
3 minute read

OWASP SAMM version 2 - public release
OWASP SAMM (Software Assurance Maturity Model) is the OWASP framework to help organizations assess, formulate, and implement, through our self-assessment model, …
4 minute read

SAMM V2 community release
After three years of preparation, our SAMM project team has delivered release 2 of SAMM!
2 minute read

Open Security Summit 2019
The Open Security Summit 2019 focused on the collaboration between Developers and Application Security and was organised with the support of OWASP. The 5-day …
2 minute read

Version 2 Beta
The original model (v1.0) was written by Pravir Chandra and dates back from 2009. Over the last 10 years, it has proven a widely distributed and effective model …
3 minute read