OWASP SAMM is an open source software assurance model, and we highly value feedback and contributions from the community. For the beta draft of version 2, we are explicitly soliciting feedback on the structure and content of the current state of the model. Detailed comments on the exact wording are less relevant at this stage, but can also be provided.
We would very much like to hear your opinion on considerations like:
- the overall structure: can the structure be improved to support the set of activities?
- activities and activity streams: are we including the correct set of activities in the model? Should we add or delete particular activities?
- maturity levels: are activities placed at the correct maturity level, and are the maturity levels consistent overall?
- activity descriptions: is it clear what the purpose and content of a particular activity is?
We support different ways of providing feedback, in decreasing order of preference:
- Add issues to our SAMM GitHub repository (https://github.com/OWASP/samm/issues)
- Complete the Google form (https://goo.gl/forms/c5fYJIgzxV7DRmdE2) per issue
- Start a discussion on our #project-samm Slack channel on OWASP (https://owasp.slack.com/messages/C0VF1EJGH). Confirm that your discussion is picked up by one of the SAMM team members to make sure your feedback is considered.
- Send a mail to the following address: firstname.lastname@example.org
The feedback period for the beta draft is 4 weeks, until mid February. After that, we will revisit the model based on the provided feedback.