The Open Web Application Security Project (OWASP) has announced version 2 of the Software Assurance Maturity Model (SAMM). SAMM is an open-source framework that enables teams and developers to assess, formulate and implement better security strategies that can be integrated into the software development life cycle.
“Our mission is to provide an effective and measurable way for all types of organizations to analyze and improve their software security posture. We want to raise awareness and educate organizations on how to design, develop, and deploy secure software through our self-assessment model. SAMM supports the complete software lifecycle and is technology and process agnostic. We built SAMM to be evolutive and risk-driven in nature, as there is no single recipe that works for all organizations,” OWASP wrote on its website.
Version 2 of SAMM features:
- Construction is now Design
- New business function
- Redesigned business function
- New security practice
- Operational Enablement no longer exists and other practices absorbed its activities
In addition, the project contains the SAMM Model overview and introduction; a quick-start guide; an updated SAMM Toolbox; and a new SAMM Benchmark initiative. The SAMM team automatically generates the Maturity Model and includes PDF documents, a website and companion toolbox and apps. The new model also supports maturity measurements from coverage and quality perspectives.
“This is a really important release for the project team. After three years of preparation, the team, our SAMM community, and through the help of our sponsors we now have an effective and measurable way for all types of organizations to analyze and improve their software security posture,” said project co-leaders Seba Deleersnyder and Bart De Win.