├── .gitignore
├── _data
│   ├── ow_attributions.json
│   └── sponsors.json
├── Gemfile
├── _config.yml
├── assets
│   └── images
│       ├── OWASPSAMM.png
│       ├── user_day.png
│       ├── Samm_v2_600.png
│       ├── Samm_v2_800.png
│       ├── sponsors
│       │   ├── pwc.png
│       │   ├── Toreon.png
│       │   ├── concord.png
│       │   ├── fortify.png
│       │   ├── splunk.png
│       │   ├── ncc_group.png
│       │   ├── checkmarx_200.png
│       │   ├── codific_200.png
│       │   ├── indelible_200.png
│       │   ├── imq_minded_security_200.png
│       │   └── security_innovation_200.png
│       ├── OWASP-SAMM-model-600.png
│       ├── OWASP-SAMM-model-800.png
│       └── README.md
├── LICENSE.md
├── leaders.md
├── _includes
│   └── sponsors.md
├── 404.html
├── tab_contributing.md
├── tab_sponsors.md
├── info.md
└── index.md

/.gitignore:
--------------------------------------------------------------------------------
1 | __pycache__
2 | env
3 | .vscode
4 | _site/
5 | 
--------------------------------------------------------------------------------
/_data/ow_attributions.json:
--------------------------------------------------------------------------------
1 | ["Minded Security", "Ed Adams", "Katarina Dabler"]
--------------------------------------------------------------------------------
/Gemfile:
--------------------------------------------------------------------------------
1 | source 'https://rubygems.org'
2 | group :jekyll_plugins do
3 |   gem "github-pages"
4 | end
--------------------------------------------------------------------------------
/_config.yml:
--------------------------------------------------------------------------------
1 | remote_theme: "owasp/www--site-theme@main"
2 | plugins:
3 |   - jekyll-include-cache-0.2.0
--------------------------------------------------------------------------------
/assets/images/OWASPSAMM.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/www-project-samm/HEAD/assets/images/OWASPSAMM.png
--------------------------------------------------------------------------------
/assets/images/user_day.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/www-project-samm/HEAD/assets/images/user_day.png
--------------------------------------------------------------------------------
/LICENSE.md:
--------------------------------------------------------------------------------
1 | OWASP SAMM is published under the [CC BY-SA 4.0](https://creativecommons.org/licenses/by-sa/4.0/) license.
--------------------------------------------------------------------------------
/assets/images/Samm_v2_600.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/www-project-samm/HEAD/assets/images/Samm_v2_600.png
--------------------------------------------------------------------------------
/assets/images/Samm_v2_800.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/www-project-samm/HEAD/assets/images/Samm_v2_800.png
--------------------------------------------------------------------------------
/assets/images/sponsors/pwc.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/www-project-samm/HEAD/assets/images/sponsors/pwc.png
--------------------------------------------------------------------------------
/leaders.md:
--------------------------------------------------------------------------------
1 | ### Leaders
2 | 
3 | * [Seba Deleersnyder](mailto:seba@owasp.org)
4 | * [Bart De Win](mailto:bart@owasp.org)
5 | 
--------------------------------------------------------------------------------
/assets/images/sponsors/Toreon.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/www-project-samm/HEAD/assets/images/sponsors/Toreon.png
--------------------------------------------------------------------------------
/assets/images/sponsors/concord.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/www-project-samm/HEAD/assets/images/sponsors/concord.png
--------------------------------------------------------------------------------
/assets/images/sponsors/fortify.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/www-project-samm/HEAD/assets/images/sponsors/fortify.png
--------------------------------------------------------------------------------
/assets/images/sponsors/splunk.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/www-project-samm/HEAD/assets/images/sponsors/splunk.png
--------------------------------------------------------------------------------
/assets/images/sponsors/ncc_group.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/www-project-samm/HEAD/assets/images/sponsors/ncc_group.png
--------------------------------------------------------------------------------
/assets/images/OWASP-SAMM-model-600.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/www-project-samm/HEAD/assets/images/OWASP-SAMM-model-600.png
--------------------------------------------------------------------------------
/assets/images/OWASP-SAMM-model-800.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/www-project-samm/HEAD/assets/images/OWASP-SAMM-model-800.png
--------------------------------------------------------------------------------
/assets/images/sponsors/checkmarx_200.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/www-project-samm/HEAD/assets/images/sponsors/checkmarx_200.png
--------------------------------------------------------------------------------
/assets/images/sponsors/codific_200.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/www-project-samm/HEAD/assets/images/sponsors/codific_200.png
--------------------------------------------------------------------------------
/assets/images/sponsors/indelible_200.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/www-project-samm/HEAD/assets/images/sponsors/indelible_200.png
--------------------------------------------------------------------------------
/assets/images/README.md:
--------------------------------------------------------------------------------
1 | # placeholder
2 | 
3 | Put images you wish to link to in this folder
4 | 
5 | link would be in form /assets/images/
6 | 
--------------------------------------------------------------------------------
/assets/images/sponsors/imq_minded_security_200.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/www-project-samm/HEAD/assets/images/sponsors/imq_minded_security_200.png
--------------------------------------------------------------------------------
/assets/images/sponsors/security_innovation_200.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/OWASP/www-project-samm/HEAD/assets/images/sponsors/security_innovation_200.png
--------------------------------------------------------------------------------
/_includes/sponsors.md:
--------------------------------------------------------------------------------
1 | 
2 | 
3 | {% for sponsor in include.data %}
4 | 
7 | {% endfor %}
8 | 
9 | 
10 | 
--------------------------------------------------------------------------------
/404.html:
--------------------------------------------------------------------------------
1 | ---
2 | 
3 | title: 404 - Not Found
4 | layout: col-generic
5 | 
6 | ---
7 | 
8 | 
9 | 
10 | WHOA THAT PAGE CANNOT BE FOUND
11 | Try the SEARCH function in the main navigation to find something. If you are looking for chapter information, please see Chapters for the correct chapter. For information about OWASP projects see Projects. For common attacks, vulnerabilities, or information about other community-led contributions see Contributed Content.
12 | 
13 | 
14 | If all else fails you can search our historical site.
15 | 
16 | 
--------------------------------------------------------------------------------
/tab_contributing.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Contributing
3 | layout: null
4 | tab: true
5 | order: 4
6 | tags: samm
7 | ---
8 | 
9 | # Get Involved
10 | 
11 | Involvement in the development of SAMM is actively encouraged!
12 | 
13 | You do not have to be a security expert in order to help out.
14 | 
15 | We have written some guidelines on our OWASP SAMM website on [how you can contribute to SAMM](https://owaspsamm.org/contributing/).
16 | 
17 | 
18 | ## Feedback
19 | 
20 | Please use [GitHub Issues](https://github.com/OWASP/samm/issues/new) for feedback:
21 | 
22 | * What do you like?
23 | * What don't you like?
24 | * How can we make SAMM easier to use?
25 | * How could SAMM be improved?
26 | 
27 | ### Help us translate!
28 | 
29 | Are you fluent in another language? Can you help translate SAMM into
30 | that language?
31 | 
32 | You can use [Crowdin](http://crowdin.net/project/owasp-samm) to do
33 | that!
34 | 
--------------------------------------------------------------------------------
/tab_sponsors.md:
--------------------------------------------------------------------------------
1 | ---
2 | title: Sponsors
3 | layout: null
4 | tab: true
5 | order: 5
6 | tags: samm
7 | ---
8 | 
9 | ## Call for SAMM Sponsors
10 | 
11 | OWASP SAMM, now in its v2 release, is the open source software
12 | security maturity model used by IT, application and software security
13 | technologists to develop secure software.
14 | 
15 | We are seeking sponsors to support OWASP SAMM. All proceeds from the
16 | sponsorship support the mission of the OWASP Foundation and the further
17 | development of SAMM. Supporting the project funds
18 | research grants, SAMM hosting, tools, templates, documents, promotion,
19 | and more.
20 | 
21 | By sponsoring SAMM, you not only support an important and flagship OWASP
22 | project, you will also get visibility during the next SAMM User Conference
23 | and recognition on the OWASP SAMM [web site](https://owaspsamm.org/) and
24 | the next releases of SAMM.
25 | 
26 | For more information: Contact
27 | 
28 | ### Project Sponsors
29 | 
30 | {% include sponsors.md data=site.data.sponsors %}
31 | 
32 | #### Supporters
33 | 
34 | * [White Jaguars](https://www.whitejaguars.com/)
35 | 
36 | 
--------------------------------------------------------------------------------
/_data/sponsors.json:
--------------------------------------------------------------------------------
1 | [
2 |   {
3 |     "name": "Checkmarx",
4 |     "image": "assets/images/sponsors/checkmarx_200.png",
5 |     "url": "http://www.checkmarx.com"
6 |   },
7 |   {
8 |     "name": "Codific",
9 |     "image": "assets/images/sponsors/codific_200.png",
10 |     "url" : "https://codific.com"
11 |   },
12 |   {
13 |     "name": "Concord",
14 |     "image": "assets/images/sponsors/concord.png",
15 |     "url" : "https://concordusa.com"
16 |   },
17 |   {
18 |     "name": "Indelible",
19 |     "image": "assets/images/sponsors/indelible_200.png",
20 |     "url": "http://www.indelible.global"
21 |   },
22 |   {
23 |     "name": "Fortify",
24 |     "image": "assets/images/sponsors/fortify.png",
25 |     "url" : "https://www.microfocus.com/en-us/solutions/application-security"
26 |   },
27 |   {
28 |     "name": "Minded",
29 |     "image": "assets/images/sponsors/imq_minded_security_200.png",
30 |     "url": "https://www.mindedsecurity.com"
31 |   },
32 |   {
33 |     "name": "NCC Group",
34 |     "image": "assets/images/sponsors/ncc_group.png",
35 |     "url" : "https://www.nccgroup.trust/uk/"
36 |   },
37 |   {
38 |     "name": "PWC",
39 |     "image": "assets/images/sponsors/pwc.png",
40 |     "url": "https://www.pwc.com"
41 |   },
42 |   {
43 |     "name": "SecurityInnovation",
44 |     "image": "assets/images/sponsors/security_innovation_200.png",
45 |     "url": "https://www.securityinnovation.com"
46 |   },
47 |   {
48 |     "name": "Splunk",
49 |     "image": "assets/images/sponsors/splunk.png",
50 |     "url": "https://splunk.com"
51 |   },
52 |   {
53 |     "name": "Toreon",
54 |     "image": "assets/images/sponsors/Toreon.png",
55 |     "url": "https://toreon.com"
56 |   }
57 | 
58 | ]
59 | 
60 | 
--------------------------------------------------------------------------------
/info.md:
--------------------------------------------------------------------------------
1 | ### Information
2 | * Flagship Project
3 | * Documentation
4 | * Builder
5 | * Defender
6 | * [Current Version 2.0.3 (2022)](https://owaspsamm.org/)
7 | 
8 | ### SAMM v2 model
9 | * See v2 [online](https://owaspsamm.org/model/)
10 | * [SAMM
11 | Toolbox](https://github.com/owaspsamm/core/releases/download/v2.0.3/SAMM_spreadsheet.xlsx)
12 | 
13 | ### Slack
14 | - [Join OWASP Slack](https://owasp-slack.herokuapp.com/)
15 | - [Join our SAMM channel](https://owasp.slack.com/archives/C0VF1EJGH)
16 | 
17 | ### Social Links
18 | * [@owaspsamm](https://twitter.com/owaspsamm)
19 | * [YouTube](https://www.youtube.com/channel/UCEZDbvQrj5APg5cEET49A_g)
20 | * [Slack channel](https://owasp.slack.com/archives/C0VF1EJGH)
21 | * [LinkedIn](https://www.linkedin.com/company/owasp-samm/)
22 | * [Newsletter](https://owaspsamm.us9.list-manage.com/subscribe?u=b83ce65c91239cb5e623ea83e&id=cbd0520923)
23 | 
24 | ### Code Repository
25 | * [GitHub Repo](https://github.com/OWASPsamm/)
26 | 
27 | ### Download v1.5
28 | * [All SAMM v1.5 files
29 | (.zip)](https://github.com/OWASP/samm/raw/master/Supporting%20Resources/v1.5/Final/OWASP_SAMM_v1.5.zip)
30 | * [SAMM Core
31 | Model](https://github.com/OWASP/samm/raw/master/Supporting%20Resources/v1.5/Final/SAMM_Core_V1-5_FINAL.pdf)
32 | * [How-To
33 | Guide](https://github.com/OWASP/samm/raw/master/Supporting%20Resources/v1.5/Final/SAMM_How_To_V1-5_FINAL.pdf)
34 | * [Quick Start
35 | Guide](https://github.com/OWASP/samm/raw/master/Supporting%20Resources/v1.5/Final/SAMM_Quick_Start_V1-5_FINAL.pdf)
36 | * [SAMM
37 | Toolbox](https://github.com/OWASP/samm/raw/master/Supporting%20Resources/v1.5/Final/SAMM_Assessment_Toolbox_v1.5_FINAL.xlsx)
38 | * [SAMM Toolbox
39 | Example](https://github.com/OWASP/samm/raw/master/Supporting%20Resources/v1.5/Final/SAMM_Assessment_Toolbox_v1.5-Example_FINAL.xlsx)
40 | 
41 | ### Download v1.1.1
42 | * [SAMM Core
43 | Model](https://github.com/OWASP/samm/raw/master/Supporting%20Resources/v1.1/Final/SAMM_Core_V1-1-Final-1page.pdf)
44 | * [How-To
45 | Guide](https://github.com/OWASP/samm/raw/master/Supporting%20Resources/v1.1/Final/SAMM_How_To_V1-1-Final-1page.pdf)
46 | * [Quick-Start
47 | Guide](https://github.com/OWASP/samm/raw/master/Supporting%20Resources/v1.1/Final/SAMM_Quick_Start_V1-1-Final-1page.pdf)
48 | * [Updated SAMM Tool
49 | Box](https://github.com/OWASP/samm/raw/master/Supporting%20Resources/v1.1/Final/SAMM_Assessment_Toolbox_v1-1-Final.xlsx)
50 | 
51 | 
--------------------------------------------------------------------------------
/index.md:
--------------------------------------------------------------------------------
1 | ---
2 | 
3 | layout: col-sidebar
4 | title: OWASP SAMM
5 | tags: samm
6 | level: 4
7 | type: documentation
8 | pitch: A Software Assurance Maturity Model (SAMM) that provides an effective and measurable way for all types of organizations to analyse and improve their software security posture.
9 | 
10 | ---
11 | 
12 | [![OWASP Flagship](https://img.shields.io/badge/OWASP-Flagship%20Project-48A646.svg)](https://owasp.org/projects/#div-flagships)
13 | [![GitHub Release](https://img.shields.io/github/release/OWASP/SAMM)](https://github.com/OWASP/SAMM/releases)
14 | [![Follow on Twitter](https://img.shields.io/twitter/follow/owaspsamm.svg?logo=twitter)](https://twitter.com/owaspsamm)
15 | 
16 | **Software Assurance Maturity Model**
17 | 
18 | Our mission is to provide an **effective and measurable** way for you to analyze and improve your **secure development lifecycle**.
19 | SAMM supports the complete software lifecycle and is **technology and process agnostic**. We built SAMM to be **evolutive and risk-driven** in nature, as there is no single recipe that works for all organizations.
20 | 
21 | 
22 | Check out the OWASP SAMM v2 model [online](https://owaspsamm.org/model/):
23 | 
24 | 
25 | [![SAMM Model](assets/images/OWASP-SAMM-model-800.png)](https://owaspsamm.org/model/)
26 | 
27 | 
28 | 
29 | **Get OWASP SAMM news delivered to your mailbox**
30 | - [Subscribe to our newsletter](https://owaspsamm.us9.list-manage.com/subscribe?u=b83ce65c91239cb5e623ea83e&id=cbd0520923)
31 | 
32 | **Join us on the OWASP SAMM project Slack channel**
33 | 
34 | - [Join our project slack channel](https://owasp.slack.com/messages/C0VF1EJGH)
35 | - Invitations (self registration) via:
36 | 
37 | **Join our monthly calls**
38 | 
39 | - The monthly call is on each 2nd Wednesday of the month at 21h30 CET
40 | / 3:30pm ET.
41 | - Register through our [SAMM MeetUp](https://www.meetup.com/owasp-samm/) to join the Zoom call.
42 | - The call is open for everybody interested in SAMM or who wants to
43 | work on SAMM.
44 | 
45 | 
46 | The Software Assurance Maturity Model (SAMM) is an open framework to
47 | help organizations formulate and implement a strategy for software
48 | security that is tailored to the specific risks facing the organization.
49 | SAMM helps you:
50 | 
51 | - **Evaluate an organization’s existing software security practices**
52 | - **Build a balanced software security assurance program in
53 | well-defined iterations**
54 | - **Demonstrate concrete improvements to a security assurance
55 | program**
56 | - **Define and measure security-related activities throughout an
57 | organization**
58 | 
59 | *Dell uses OWASP’s Software Assurance Maturity Model (OWASP SAMM) to
60 | help focus our resources and determine which components of our secure
61 | application development program to prioritize.*, (**Michael J. Craigue,
62 | Information Security & Compliance, Dell, Inc.**)
63 | 
64 | 
65 | 
66 | 
--------------------------------------------------------------------------------