OWASP SAMM
SAMM stands for Software Assurance Maturity Model.
Our mission is to provide an effective and measurable way for all types of organizations to analyze and improve their software security posture. We want to raise awareness and educate organizations on how to design, develop, and deploy secure software through our self-assessment model. SAMM supports the complete software lifecycle and is technology and process agnostic. We built SAMM to be evolutive and risk-driven in nature, as there is no single recipe that works for all organizations.
More details are available at https://owaspsamm.org/

Following the SAMM Map to Find the Elusive Culture Fit

The road to DevSecOps. Chapter 1: Governance - SAMM User Day Talk

AppSec as a Habit - SAMM User Day Talk

5 lessons learned when kickstarting security with SAMM

From none to done: how to design, deploy and lead an AppSec program using SAMM

SAMM Podcast - Architecture Assessment

OWASP SAMM updates April 2025

OWASP SAMM updates March 2025

OWASP SAMM updates February 2025

OWASP SAMM updates January 2025

Proactive Software Supply Chain Risk Management (P-SSCRM) Framework

OWASP SAMM Updates September 2024

OWASP SAMM Updates June 2024

OWASP SAMM Updates May 2024 - June User Day, Mappings, Assessment Guide

SAMM Podcast - Assessment

OWASP SAMM Updates April 2024 - June User Day and Questionnaire Results

OWASP SAMM Deep-dive sessions - Operations | Incident Management

SAMM User Day highlights - November 2023 Community Call

Upload SAMM Benchmark datasets

OWASP SAMM Updates September 2023

SAMM Core Team Summit Debrief

OWASP SAMM Deep-dive sessions - Implementation | Secure Deployment

OWASP SAMM Deep-dive sessions - Design | Security Requirements

OWASP SAMM Deep-dive sessions - Implementation | Secure Build

OWASP SAMM Deep-dive sessions - Design | Threat Assessment

OWASP 20 anniversary presentation of SAMM

Deep dive on bootstrapping and scoping an OWASP SAMM project

OWASP SAMM to the rescue? On the intricate challenges of setting up a secure CICD pipeline

Implementation of SAMM in K12 Schools

From SAMM Project towards SAMM Suite