Resources

SAMM assessment tools

Links to info and tools If you want to learn more about SAMM assessments, we have a couple of dedicated pages for that. First, there’s the assessment page. We also have an assessment guide, with lots of practical advice, best practices, and an example set of questions for an interview-style assessment. If you’re just looking for the links to our spreadsheets or online assessment, here they are. Spreadsheets We have 2 versions of the SAMM Toolbox, a Microsoft Excel Toolbox and a Google Spreadsheet Toolbox .

Training

A fully free, self-paced course with over 5 hours of video content. Visit the SAMM Fundamentals Course page on Thinkific. We’d really appreciate feedback on this first version of the course. Please use our Slack channel , the Discussions on GitHub or our contact form.

SAMM Mappings

Direct Mappings Mapping between NIST SSDF and SAMM In collaboration with NIST, we created mappings based on the National Online Informative Reference (OLIR) Program . An Informative Reference shows the relationships between the Reference Document elements (NIST SSDF Tasks) and a Focal Document element (OWASP SAMM Streams). This effectively helps users understand the characterization of the nature of each relationship. You can find the mapping in this spreadsheet .

SAMM YouTube channel

Watch SAMM videos Watch SAMM videos From model deep-dive sessions to presentations and project updates, our YouTube channel is a source of information on the project you don’t want to miss. Featured video During the first weekend of November 2022, the SAMM Core Team got together in Boston for an extremely productive few days of discussions and work iterations on the items from our roadmap. Take a look at some of the outcomes.

SAMM Community

External and internal SAMM community resources Here you’ll find links to places outside this website where you can interact with the SAMM team and with other SAMM users. Also, a reminder of the community-related content here on this website. Community calls We host community calls on the second Wednesday of every month. Here, we provide project updates, do model deep-dive sessions and interact with the community of SAMM users. This goes from helping out people who are getting started with SAMM to discussing tools and ways to go about the different SAMM activities.

SAMM PDF

This is a long awaited moment since the release of SAMM version 2. The community asked for it so we’ve created a PDF version of the model. View the SAMM PDF here . If you have any feedback on this, please use our Slack channel , the Discussions on GitHub or our contact form.

SAMM GitHub repositories

One project, many repos After the release of SAMM v2, we moved all of our GitHub content to the OWASP SAMM GitHub organization . Here, you can find all the repositories related to the SAMM project. Some of the repos you can find there are: Core Model Website SAMMwise (assessment tool) Also, don’t miss the Discussions section, where you can pitch your ideas, ask questions, and provide feedback.

SAMM Newsletter

SAMM Newsletter If you haven’t already, subscribe to our newsletter to have the latest SAMM news delivered to you. Issues This year’s issues February 2023 May 2023 For the full list, including issues since 2015, check out this spreadsheet .