The Software Assurance Maturity Model (SAMM) is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization. SAMM helps you:

SAMM 1.5

See also:

SAMM 2.0

SAMM 2.0 is currently a work in progress. The working copy shown below is generated from our GitHub repo.

If you would like to contribute to the next major version of OWASP SAMM, we recommend reviewing the in-development content we have so far and raising or commenting on issues in GitHub.

Core Model

Business Functions