what's new

SAMM is doing CI/CD

What version 2 brought along A significant change that happened behind the scenes for SAMM 2.0 was the addition of a CI/CD pipeline, the automated version of all the steps we need to deliver SAMM. It has enhanced our productivity, providing standardization and enabling faster iterations. At the core of Continuous Integration and Continuous Delivery are speed of delivery, reliability, and visibility. This process encourages frequent updates, allows quick fixes, and ensures a set of checks before deployment.

Continue reading

OWASP SAMM version 2 - public release

After three years of preparation, our SAMM project team has delivered version 2 of SAMM! OWASP SAMM (Software Assurance Maturity Model) is the OWASP framework to help organizations assess, formulate, and implement, through our self-assessment model, a strategy for software security they can integrate into their existing Software Development Lifecycle (SDLC). The new SAMM v2 consists of the following components: The SAMM Model overview and introduction, explaining the maturity model in detail A Quick-start Guide with different steps to improve your secure software practice An updated SAMM Toolbox to perform SAMM assessments and create SAMM roadmaps A new SAMM Benchmark initiative to compare your maturity and progress with other similar organizations and teams What’s changed with SAMM v2?

Continue reading

SAMM V2 community release

SAMM v2 community launch! After three years of preparation, our SAMM project team has delivered release 2 of SAMM! First, we’re releasing SAMM v2 to the OWASP community and then plan our public release for mid-January 2020. We value your feedback and questions. To contribute, do one of the following, in decreasing order of preference: add issues to our SAMM Github repository Complete the Google form per issue Start a discussion on our #project-samm Slack channel on OWASP.

Continue reading

Version 2 Beta

The original model (v1.0) was written by Pravir Chandra and dates back from 2009. Over the last 10 years, it has proven a widely distributed and effective model for improving secure software practices in different types of organisations throughout the world. Translations and supporting tools have been contributed by the community to facilitate adoption and alignment. With version 2.0, we further improve the model to deal with some of its current limitations.

Continue reading