Mapping

Enabling teams with the OWASP SAMM Skills Framework

Introduction

Picture this: your team is tasked with building secure, compliant software, but you are not sure where to begin or whom to involve. In today's cloud-driven world, even solid security plans can stall if teams do not know which tasks they own, or believe they lack the skills to get started. Across teams, many organizations lack a clear view of ownership and shared responsibilities, whether they work with internal service providers or external public service providers. This leads to confusion and delays the rollout of security practices.


Microsoft SDL and OWASP SAMM Mapping: A Comprehensive Analysis


Introduction

The Microsoft Security Development Lifecycle (SDL) was introduced in 2004 as Microsoft's response to the security problems that plagued its Windows operating system. As the first formal secure SDLC framework, it laid the foundation for many of today's secure software development practices.

In its current version, Microsoft SDL comprises 10 security practices, each containing a set of requirements designed to reduce security risk across the software development lifecycle. Microsoft does not name these items, so we refer to them as "requirements." In total, there are 49 requirements across SDL's 10 practices.


SAMM BSIMM Mapping

Building Security In Maturity Model (BSIMM) Mapped to OWASP SAMM

The full mapping sheet between BSIMM 14 and OWASP SAMM.

Introduction

The Building Security In Maturity Model (BSIMM) and the OWASP Software Assurance Maturity Model (SAMM) share a common history. Both were conceived around 2008-2009 and are based on OpenSAMM, which was created by Pravir Chandra. Over time, however, the two models have evolved independently and now differ in several conceptual respects. We have previously explored these differences in detail. Despite their divergence, both frameworks aim to help organizations improve their application security programs. Recognizing this shared goal, we have developed a detailed mapping between SAMM and BSIMM that highlights their similarities and points of alignment.


Tackling App Security with SAMM-NIST SSDF Mapping

The Application Security Challenge

Our increasing dependence on software in daily life has made the challenge of securing it more pressing. Despite being a critical concern, cybersecurity is often not a priority for organizations until an incident or breach occurs. This has contributed to the cost of cyber insurance doubling in the past two years and the total cost of cybercrime in 2022 reaching $7 trillion. To address this, organizations are increasing their cyber budgets but still struggle to adopt a security program that is effective and delivers a return on investment. A comprehensive, effective security program is more important than ever for protecting sensitive information and keeping digital infrastructure stable.
