Resources

SAMM assessment tools

Links to info and tools If you want to learn more about SAMM assessments, we have a couple of dedicated pages for that. First, there’s the assessment page. We also have an assessment guide, with lots of practical advice, best practices, and an example set of questions for an interview-style assessment. If you’re just looking for the links to our spreadsheets or online assessment, here they are. Spreadsheets We have 2 versions of the SAMM Toolbox, a Microsoft Excel Toolbox and a Google Spreadsheet Toolbox .

Read more

Training

A fully free, self-paced course with over 5 hours of video content. Visit the SAMM Fundamentals Course page on Thinkific. We’d really appreciate feedback on this first version of the course. Please use our Slack channel , the Discussions on GitHub or our contact form.

Read more

SAMM Mappings

OpenCRE The SAMM model pages on the website have links to OpenCRE in every stream. By linking SAMM to OpenCRE , we’ve made it easier for our users to find relevant and useful resources with every stream, as well as to see how SAMM aligns with other security standards such as NIST SSDF, ISO27K, PCI-DSS, OWASP ASVS, and NIST 800-53. Learn more in the OWASP SAMM now connects to OpenCRE blog post.

Read more

SAMM YouTube channel

Watch SAMM videos Watch SAMM videos From model deep-dive sessions to presentations and project updates, our YouTube channel is a source of information on the project you don’t want to miss. Featured video During the first weekend of November 2022, the SAMM Core Team got together in Boston for an extremely productive few days of discussions and work iterations on the items from our roadmap. Take a look at some of the outcomes.

Read more

SAMM Community

External and internal SAMM community resources Here you’ll find links to places outside this website where you can interact with the SAMM team and with other SAMM users. Also, a reminder of the community-related content here on this website. Community calls We host community calls on the second Wednesday of every month. Here, we provide project updates, do model deep-dive sessions and interact with the community of SAMM users. This goes from helping out people who are getting started with SAMM to discussing tools and ways to go about the different SAMM activities.

Read more

SAMM PDF

This is a long awaited moment since the release of SAMM version 2. The community asked for it so we’ve created a PDF version of the model. View the SAMM PDF here . If you have any feedback on this, please use our Slack channel , the Discussions on GitHub or our contact form.

Read more

SAMM GitHub repositories

One project, many repos After the release of SAMM v2, we moved all of our GitHub content to the OWASP SAMM GitHub organization . Here, you can find all the repositories related to the SAMM project. Some of the repos you can find there are: Core Model Website SAMMwise (assessment tool) Also, don’t miss the Discussions section, where you can pitch your ideas, ask questions, and provide feedback.

Read more

SAMM Newsletter

SAMM Newsletter If you haven’t already, subscribe to our newsletter to have the latest SAMM news delivered to you. Issues This year’s issues February 2023 May 2023 For the full list, including issues since 2015, check out this spreadsheet .

Read more