RESOURCES | TAGS | model

SAMM assessment tools

Links to info and tools If you want to learn more about SAMM assessments, we have a couple of dedicated pages for that. First, there’s the assessment page. We also have an assessment guide, with lots of practical advice, best practices, and an example set of questions for an interview-style assessment. If you’re just looking for the links to our spreadsheets or online assessment, here they are. Spreadsheets We have 2 versions of the SAMM Toolbox, a Microsoft Excel Toolbox and a Google Spreadsheet Toolbox .

Read more

Training

A fully free, self-paced course with over 5 hours of video content. Visit the SAMM Fundamentals Course page on Thinkific. We’d really appreciate feedback on this first version of the course. Please use our Slack channel , the Discussions on GitHub or our contact form.

Read more

SAMM Mappings

Direct Mappings Mapping between NIST SSDF and SAMM In collaboration with NIST, we created mappings based on the National Online Informative Reference (OLIR) Program . An Informative Reference shows the relationships between the Reference Document elements (NIST SSDF Tasks) and a Focal Document element (OWASP SAMM Streams). This effectively helps users understand the characterization of the nature of each relationship. You can find the mapping in this spreadsheet .

Read more

SAMM PDF

This is a long awaited moment since the release of SAMM version 2. The community asked for it so we’ve created a PDF version of the model. View the SAMM PDF here . If you have any feedback on this, please use our Slack channel , the Discussions on GitHub or our contact form.

Read more

SAMM GitHub repositories

One project, many repos After the release of SAMM v2, we moved all of our GitHub content to the OWASP SAMM GitHub organization . Here, you can find all the repositories related to the SAMM project. Some of the repos you can find there are: Core Model Website SAMMwise (assessment tool) Also, don’t miss the Discussions section, where you can pitch your ideas, ask questions, and provide feedback.

Read more

Categories

Tags