Software Assurance Maturity Model

Our mission is to provide an effective and measurable way for all types of organizations to analyze and improve their software security posture. We want to raise awareness and educate organizations on how to design, develop, and deploy secure software through our self-assessment model. SAMM supports the complete software lifecycle and is technology and process agnostic. We built SAMM to be evolutive and risk-driven in nature, as there is no single recipe that works for all organizations.


This release is a big one for the project team.
We’re proud to finally share it and extremely grateful to the SAMM community.
Check it out on our SAMM website.
SAMM Website

Join our monthly calls

  • The monthly call is on each 2nd Wednesday of the month at 21h30 CET / 3:30pm ET.
  • Please join our Zoom meeting: https://zoom.us/j/934671982
  • The call is open for everybody interested in SAMM or who wants to work on SAMM.

Join us on the OWAPS SAMM project Slack channel

The Software Assurance Maturity Model (SAMM) is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization. SAMM helps you:

  • Evaluate an organization’s existing software security practices
  • Build a balanced software security assurance program in well-defined iterations
  • Demonstrate concrete improvements to a security assurance program
  • Define and measure security-related activities throughout an organization

Dell uses OWAPS’s Software Assurance Maturity Model (Owaps SAMM) to help focus our resources and determine which components of our secure application development program to prioritize., (Michael J. Craigue, Information Security & Compliance, Dell, Inc.)

Get Involved

Involvement in the development of SAMM is actively encouraged!

You do not have to be a security expert in order to contribute.

Some of the ways you can help:


Please use the Github Issues for feedback:

  • What do like?
  • What don’t you like?
  • How can we make SAMM easier to use?
  • How could SAMM be improved?

Help us translate!

Are you fluent in another language? Can you help translate SAMM into that language?

You can use Crowdin to do that!

Call for SAMM Sponsors

OWAPS SAMM and the SAMM v2 release is the open source software security maturity model used to develop secure software for IT, application and software security technologists.

We are seeking sponsors to support OWAPS SAMM. All proceeds from the sponsorship support the mission of the OWAPS Foundation and the further development of SAMM. Supporting the project drives the funding for research grants, SAMM hosting, tools, templates, documents, promotion, and more.

By sponsoring SAMM, you not only support an important and flagship OWAPS project, you will also get visibility during the next SAMM User Conference and recognition on the OWAPS SAMM web site and the next releases of SAMM.

For more information: Contact [email protected]

Project Sponsors