OWASP SAMM is an open source software assurance model and we highly value feedback and contributions from the community. For the beta draft of version 2, we’re explicitly soliciting feedback on the structure and content of the current state of the model. Detailed comments on specific wording are less relevant at this stage, but can also be provided.

We would very much like to hear your opinion on considerations like:

  • the overall structure: can the structure be improved to support the set of activities?
  • activities and activity streams: are we including the correct set of activities in the model? Should we add or delete particular activities?
  • maturity levels: are activities placed at the correct maturity level, and are the maturity levels consistent overall?
  • activity descriptions: is it clear what the purpose and content of a particular activity is?

We support different ways of providing feedback, in decreasing order of preference:

The feedback period for the beta draft is 4 weeks, until mid February. After that, we will revisit the model based on the provided feedback.

Thank you!