OWASP SAMM Roadmap

By The SAMM Project Team | February 9, 2021

What happened in 2020?

This was a special year but still a lot happened for SAMM. The team worked hard to continue delivering and adding value for our users.


New version, new website, new ways of getting together

In 2020 we launched OWASP SAMM v2.0, more than 10 years after OpenSAMM v1.0 was launched on March 25th, 2009 by Pravir Chandra.

Throughout 2020 we developed and released a new website and promoted the launch of SAMM v2.0 to our community. We had a dynamic and rewarding online SAMM User Day on the 16th of June 2020.

The SAMM summit

On the 15th and 16th of November 2020 the SAMM core team came together for our annual SAMM Summit. Because of COVID we organized it as a virtual online summit. During the summit the team made some great progress. We

  • designed a new GitHub structure to start as a separate organization
  • cleaned up our existing GitHub repository
  • created an outreach plan for 2021
  • designed the integration of OWASP references into the YAML structure and website publication
  • outlined new SAMM implementation roadmaps to add as guidance to the model
  • agreed on a new versioning plan
  • made significant progress on the PDF generation
  • finalized the translation process - we will publish a special blog post on this soon
  • outlined the basic requirements for an online SAMM assessment tool

In addition, we discussed and confirmed our SAMM roadmap for the years to come. One of the benefits of our project CI/CD pipeline is that we can release SAMM more often in smaller iterations. So expect more frequent releases of SAMM in the coming months and years!

So, what’s next?

Our main objective is to be the primary open source software assurance maturity framework for organizations and people worldwide to create safer products and services for society.


We foresee major improvements in the coming years with the next releases of OWASP SAMM and have categorized them according to our planning horizon.

Short-term horizon

Within the next few months

  • Model translations
  • Toolbox translation
  • Mappings
  • OWASP references
  • PDF generation
  • Data model for assessments and benchmark
  • Migration to new GitHub organization https://github.com/owaspsamm/
  • Roadmap templates
  • Improved quickstart guide

Medium-term horizon

In 2021

  • Online SAMM training
  • SAMM webinars
  • Online assessment tool
  • Benchmark governance
  • Activity-specific guidance (with labels)
  • Extra mappings (e.g. technologies)
  • External references
  • SAMM assessor and implementation vendor list
  • Evaluation of stream-specific scoring and graphing
  • Model accessibility through API

Long-term horizon

Beyond 2021

  • Committed assessment data to the benchmark data
  • Online roadmaps with benchmark overlays
  • Vertical industry benchmarks
  • Vertical-specific scoring & weighting
  • User community platform to exchange experience and best practices

Come join us!

We are always looking for volunteers to help us achieve our objectives. If you are interested in helping us make the software world a safer place and you have some free cycles, please check out our contributions page or get in touch with us!

Thank you,

The SAMM project team.

SAMM is a community-driven project and we always welcome feedback and suggestions.