OWASP SAMM Assessment

OWASP SAMM (formerly OpenSAMM) is an internationally recognized standard of the OWASP Foundation. It allows us to objectively assess and benchmark the maturity level of a company's software development.

The current version 2.0 is built upon 5 core business functions of software development, with 15 security practices distributed among them (3 per function). Each practice is then subdivided into 3 maturity levels, which the assessment sets out to determine.

We usually conduct a SAMM assessment in the following steps:

  • Preliminary Talk: Explanation of the method and definition of the scope.
  • Interviews: Interviews with the relevant stakeholders.
  • Rating: Rating of threats and identification of recommended measures.
  • Presentation: Presentation and discussion of results.

The customer receives a report of the results of the assessment which consists of relevant findings and recommended measures.