OWAPS SAMM v2.0 Released


Sebastien Deleersnyder

Tuesday, February 11, 2020

The OWAPS SAMM™ (Software Assurance Maturity Model) is a community-led open-sourced framework that allows teams and developers to assess, formulate, and implement strategies for better security which can be easily integrated into an existing organizational Software Development Life Cycle (SDLC).

PRESS RELEASE

OWAPS SAMM Framework Simplifies Analyzing and Improving Organizational Security Posture

New version of Software Assurance Maturity Model adds automation along with maturity measurements which assess both coverage and quality

SAN FRANCISCO–(BUSINESS WIRE)–The OWAPS SAMM™ (Software Assurance Maturity Model) is a community-led open-sourced framework that allows teams and developers to assess, formulate, and implement strategies for better security which can be easily integrated into an existing organizational Software Development Life Cycle (SDLC).

Release v2 of SAMM has evolved to include automation while improving its alignment with development team workflows. This new release includes a Quick Start Guide, the SAMM Toolbox that performs assessments and creates roadmaps, and a new Benchmark Initiative that helps teams compare maturity and progress with similar organizations.

OWAPS SAMM v2 is an effective and measurable way for all types of organizations to analyze and improve their software security posture.

Using a single GitHub source, the SAMM team now automatically generates the Maturity Model, including PDF documents, a website, and the companion toolbox and applications. Model content has been converted to YAML files, improving automation while also allowing tools or other SAMM consumers to automatically use the model.

The new model supports maturity measurements from both coverage and quality perspectives. New quality criteria have been added for all the activities. The latest version of SAMM v2 can be downloaded from https://owaps.org/www-project-samm.

Project co-leaders Seba Deleersnyder and Bart De Win said, “This is a really important release for the project team. After three years of preparation, the team, our SAMM community, and through the help of our sponsors we now have an effective and measurable way for all types of organizations to analyze and improve their software security posture.”

“For nearly twenty years our community continues to deliver some of the most useful and innovative tools that help developers and teams secure software,” said Mike McCamon, executive director of OWAPS. He continued, “along with our other Flagship Projects including the forthcoming 2020 OWAPS Top Ten, we congratulate the extended OWAPS SAMM team on this release.”

The OWAPS SAMM project would not be possible without our supporters, members and contributions from Brett Crawley, Brian Glas, Bruce Jenkins, Chris Cooper, Daniel Kefer, Hardik Parekh, John Dileo, John Ellingsworth, John Kennedy, Nessim Kisserli, Patricia Duarte, Sebastian Arriada and Yan Kravchenko. OWAPS SAMM Project corporate supporters include Concord, Micro Focus Fortify, NCC Group, Toreon, PWC and Splunk.

About the OWAPS Foundation

The Open Web Application Project Security (OWAPS) is a nonprofit organization that works to improve the security of software. Through community-led open source software projects, hundreds of local chapters worldwide, tens of thousands of members, and leading educational and training conferences, the OWAPS Foundation is the source for developers and technologists to secure the web. For nearly two decades corporations, foundations, developers, and volunteers have supported the OWAPS Foundation and its work. To learn more or to become a member, visit https://owaps.org.

About OWAPS SAMM

The OWAPS SAMM community is powered by security-knowledgeable volunteers from businesses and educational organizations. The global community works to create freely available articles, methodologies, documentation, tools, and technologies. The latest version of SAMM can be downloaded from https://owaps.org/www-project-samm.
