SAMM Project

Towards a well-governed SAMM Suite

Improving the velocity of OWASP SAMM

Some years back, SAMM was a typical old-school documentation project. Creating all the documents was a purely manual and error-prone process. We fought a very complicated manual build procedure for the project PDF that only a few people knew how to deal with. Errors that had already been fixed kept reappearing, and it was hard to know who actually had the latest version in their mailbox.


OWASP SAMM Roadmap

What happened in 2020?

This was a special year but still a lot happened for SAMM. The team worked hard to continue delivering and adding value for our users.

2020

New version, new website, new ways of getting together

In 2020 we launched OWASP SAMM v2.0, more than 10 years after OpenSAMM v1.0 was launched on March 25th, 2009 by Pravir Chandra.

Throughout 2020 we developed and released a new website and promoted the launch of SAMM v2.0 to our community. We had a dynamic and rewarding online SAMM User Day on 16 June 2020.


SAMM is doing CI/CD

What version 2 brought along

A significant change that happened behind the scenes for SAMM 2.0 was the addition of a CI/CD pipeline: an automated version of all the steps we need to deliver SAMM. It has enhanced our productivity, providing standardization and enabling faster iterations. At the core of Continuous Integration and Continuous Delivery are speed of delivery, reliability, and visibility. This process encourages frequent updates, allows quick fixes, and ensures a set of checks runs before deployment. It increases visibility, since every team member can see what is going on with the code.


OWASP SAMM version 2 - public release

After three years of preparation, our SAMM project team has delivered version 2 of SAMM!

OWASP SAMM (Software Assurance Maturity Model) is the OWASP framework to help organizations assess, formulate, and implement, through our self-assessment model, a strategy for software security they can integrate into their existing Software Development Lifecycle (SDLC).

The new SAMM v2 consists of the following components:

  • The SAMM Model overview and introduction, explaining the maturity model in detail
  • A Quick-start Guide with different steps to improve your secure software practice
  • An updated SAMM Toolbox to perform SAMM assessments and create SAMM roadmaps
  • A new SAMM Benchmark initiative to compare your maturity and progress with other similar organizations and teams

What’s changed with SAMM v2?

For those organizations using earlier versions of SAMM, it’s important to take the time to understand how the framework has evolved in favor of automation and better alignment with development teams. Organizationally, some important changes are worth noting:


SAMM V2 community release

SAMM v2 community launch!

After three years of preparation, our SAMM project team has delivered release 2 of SAMM!

First, we’re releasing SAMM v2 to the OWASP community and then plan our public release for mid-January 2020. We value your feedback and questions. To contribute, do one of the following, in decreasing order of preference:

SAMM’s mission is to raise awareness and educate organizations on how to design, develop, and implement secure software through our self-assessment model. The new SAMM release v2 consists of:


Version 2 Beta

The original model (v1.0) was written by Pravir Chandra and dates back to 2009. Over the last 10 years, it has proven a widely distributed and effective model for improving secure software practices in different types of organisations throughout the world. Translations and supporting tools have been contributed by the community to facilitate adoption and alignment. With version 2.0, we further improve the model to deal with some of its current limitations.
