OWASP SAMM

SAMM stands for Software Assurance Maturity Model.

Our mission is to provide an effective and measurable way for all types of organizations to analyze and improve their software security posture. We want to raise awareness and educate organizations on how to design, develop, and deploy secure software through our self-assessment model. SAMM supports the complete software lifecycle and is technology and process agnostic. We built SAMM to be evolutive and risk-driven in nature, as there is no single recipe that works for all organizations.

More details are available on https://owaspsamm.org/

An overview and comparison of SAMM and DSOMM

An overview and comparison of SAMM and DSOMM
SAMM Podcast - AI

SAMM Podcast - AI
OWASP SAMM updates October 2025

OWASP SAMM updates October 2025
SAMM September Community Call

SAMM September Community Call
CRA, are we ready? A structured analysis of industry readiness - SAMM User Day talk

CRA, are we ready? A structured analysis of industry readiness - SAMM User Day talk
The Security Godfather: Empowering Champions to Guard the Family - SAMM User Day Talk

The Security Godfather: Empowering Champions to Guard the Family - SAMM User Day Talk
Following the SAMM Map to Find the Elusive Culture Fit

Following the SAMM Map to Find the Elusive Culture Fit
The road to DevSecOps. Chapter 1: Governance - SAMM User Day Talk

The road to DevSecOps. Chapter 1: Governance - SAMM User Day Talk
AppSec as a Habit - SAMM User Day Talk

AppSec as a Habit - SAMM User Day Talk
5 lessons learned when kickstarting security with SAMM

5 lessons learned when kickstarting security with SAMM
From none to done: how to design, deploy and lead an AppSec program using SAMM

From none to done: how to design, deploy and lead an AppSec program using SAMM
SAMM Podcast - Architecture Assessment

SAMM Podcast - Architecture Assessment
OWASP SAMM updates April 2025

OWASP SAMM updates April 2025
OWASP SAMM updates March 2025

OWASP SAMM updates March 2025
OWASP SAMM updates February 2025

OWASP SAMM updates February 2025
OWASP SAMM updates January 2025

OWASP SAMM updates January 2025
Proactive Software Supply Chain Risk Management (P-SSCRM) Framework

Proactive Software Supply Chain Risk Management (P-SSCRM) Framework
OWASP SAMM Updates September 2024

OWASP SAMM Updates September 2024
OWASP SAMM Updates June 2024

OWASP SAMM Updates June 2024
OWASP SAMM Updates May 2024 - June User Day, Mappings, Assessment Guide

OWASP SAMM Updates May 2024 - June User Day, Mappings, Assessment Guide
SAMM Podcast - Assessment

SAMM Podcast - Assessment
OWASP SAMM Updates April 2024 - June User Day and Questionnaire Results

OWASP SAMM Updates April 2024 - June User Day and Questionnaire Results
OWASP SAMM Deep-dive sessions - Operations | Incident Management

OWASP SAMM Deep-dive sessions - Operations | Incident Management
SAMM User Day highlights - November 2023 Community Call

SAMM User Day highlights - November 2023 Community Call
Upload SAMM Benchmark datasets

Upload SAMM Benchmark datasets
OWASP SAMM Updates September 2023

OWASP SAMM Updates September 2023
SAMM Core Team Summit Debrief

SAMM Core Team Summit Debrief
OWASP SAMM Deep-dive sessions - Implementation | Secure Deployment

OWASP SAMM Deep-dive sessions - Implementation | Secure Deployment
OWASP SAMM Deep-dive sessions - Design | Security Requirements

OWASP SAMM Deep-dive sessions - Design | Security Requirements
OWASP SAMM Deep-dive sessions - Implementation | Secure Build

OWASP SAMM Deep-dive sessions - Implementation | Secure Build