Quick Start Guide
New to SAMM? This guide walks you through six steps to assess your organization’s software security posture and build a plan to improve it.
You don’t need to tackle everything at once. Steps 1 through 4 are planning work: one person can complete them in one to two days, and even that alone will give you clear direction on where to focus. Steps 5 and 6 are where sustained effort begins, typically spanning multiple phases over months.
Step 1: Prepare
Start the project on a sound footing by defining the scope of the assessment, identifying the stakeholders, and building awareness of the effort.
Step 2: Assess
Identify and understand the maturity of your chosen scope in each of the 15 software security practices.
Step 3: Set the Target
Develop a target score to guide you toward the most important activities for your situation.
Step 4: Define the Plan
Develop or update your roadmap plan to take your organization to the next maturity level.
Step 5: Implement
Execute the plan by implementing the activities defined in your roadmap.
Step 6: Roll Out
Ensure that improvements are available and effectively used throughout the organization.