An overview and comparison of SAMM and DSOMM

Aram - Codific CEO
Timo - OWASP DSOMM Co-Leader
Abstract
Many practitioners struggle to understand how SAMM and DSOMM differ and where they overlap. In this session, we’ll provide a high-level overview of each model, followed by a direct comparison that highlights their unique strengths, intended use cases, and areas of commonality. Using concrete examples, we’ll address common points of confusion and help you decide how these models best fit your organization’s needs.
Speaker bio
Aram is the founder and CEO of Codific and a security and privacy expert. He has over 15 years of professional experience in designing and building complex software systems with an explicit focus on security. He believes application security is a holistic discipline. Aram has a PhD in cybersecurity from DistriNet, KU Leuven, which gives him a broad knowledge of the security landscape. Throughout his academic years he mainly focused on privacy threat modeling and streamlining the LINDDUN methodology.
With over 20 years of experience in DevSecOps, security, and web development, Timo is a self-employed consultant dedicated to helping clients achieve reliable and secure cloud solutions.
As a lead DevSecOps architect, Timo partners with multiple organizations to design, implement, and monitor security best practices, automate workflows, and integrate security testing tools throughout the development lifecycle. His comprehensive approach ensures that security is embedded at every stage, from initial architecture to ongoing operations.
Beyond consulting, Timo shares his knowledge through training and mentorship on web application security, working both independently and as a university lecturer. Timo’s mission is to empower clients and students with the skills and knowledge needed to build and maintain secure web applications that meet their specific requirements while adhering to industry standards.