The Software Assurance Maturity Model (SAMM) is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization. SAMM helps you:
- Evaluate an organization’s existing software security practices
- Build a balanced software security assurance program in well-defined iterations
- Demonstrate concrete improvements to a security assurance program
- Define and measure security-related activities throughout an organization
Available versions:
- SAMM 1.5 (stable)
- SAMM 2.0 (beta draft)
SAMM 2.0 is currently a work in progress. The working copy shown below is generated from our GitHub repository.
If you would like to contribute to the next major version of OWASP SAMM, we recommend reviewing the in-development content we have so far and raising or commenting on issues on GitHub.