OWASP SAMM Assessment

OWASP SAMM (formerly OpenSAMM) is an internationally recognized standard of the OWASP Foundation. It allows us to objectively assess and benchmark the maturity of a company's secure software development process.

The current version is built on 4 core business functions of software development, each with 3 security practices (12 in total). Each practice is subdivided into 3 maturity levels, and the assessment determines which level a company has reached in each practice.

We usually conduct a SAMM assessment in the following steps:

  • Preliminary talk: explanation of the method and definition of the scope.
  • Interviews: interviews with the relevant stakeholders.
  • Rating: scoring of the maturity level reached in each practice and identification of recommended measures.
  • Presentation: presentation and discussion of the results.


The customer receives a report of the assessment results consisting of the relevant findings and the recommended measures.
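As an added worked example (not code from this page, from OWASP SAMM or from any assessment toolbox), the following Python shows how the 4 business functions × 3 practices of SAMM 1.5 and their three maturity levels turn interview answers into a scorecard and a list of gaps that feeds the recommended measures. The scoring rule is a simplified cumulative one assumed for the example (a level counts as reached only when every question of that level is answered yes and all lower levels are reached), not the official SAMM toolbox scoring, and the interview answers are constructed.

```python
"""Toy SAMM 1.5 scorecard calculator (added example, not the page's own tooling)."""
from statistics import mean

# SAMM 1.5 structure: 4 business functions with 3 security practices each (12 in total).
BUSINESS_FUNCTIONS = {
    "Governance": ["Strategy & Metrics", "Policy & Compliance", "Education & Guidance"],
    "Construction": ["Threat Assessment", "Security Requirements", "Secure Architecture"],
    "Verification": ["Design Review", "Implementation Review", "Security Testing"],
    "Operations": ["Issue Management", "Environment Hardening", "Operational Enablement"],
}
LEVELS = 3  # every practice has maturity levels 1..3


def practice_score(level_answers):
    """Score one practice from its interview answers.

    level_answers has one entry per maturity level (1..3); each entry is a list of
    booleans, True meaning the interview confirmed that activity is in place.
    Simplified cumulative rule (an assumption of this example, not the official
    SAMM toolbox scoring): a level is reached only when every question of that
    level is answered yes and all lower levels are reached.
    Returns (score, partial): score is 0..3, partial tells whether there is some
    progress toward the next, not yet reached, level.
    """
    if len(level_answers) != LEVELS:
        raise ValueError(f"expected answers for {LEVELS} levels, got {len(level_answers)}")
    score = 0
    for level, answers in enumerate(level_answers, start=1):
        if answers and all(answers):
            score = level
        else:
            return score, any(answers)
    return score, False


def scorecard(assessment):
    """Build {function: {"practices": {practice: (score, partial)}, "average": float}}.

    assessment maps business function -> practice -> per-level answers.
    Practices that were not covered in the interviews score 0.
    """
    card = {}
    for function, practices in BUSINESS_FUNCTIONS.items():
        scored = {}
        for practice in practices:
            answers = assessment.get(function, {}).get(practice, [[] for _ in range(LEVELS)])
            scored[practice] = practice_score(answers)
        card[function] = {
            "practices": scored,
            "average": round(mean(s for s, _ in scored.values()), 2),
        }
    return card


def gaps(card, target_level):
    """List (function, practice, score, target_level) for every practice below the
    target, largest gap first; this is the raw material for recommended measures."""
    found = []
    for function, data in card.items():
        for practice, (score, _partial) in data["practices"].items():
            if score < target_level:
                found.append((function, practice, score, target_level))
    return sorted(found, key=lambda g: (-(g[3] - g[2]), g[0], g[1]))


# Constructed interview answers for illustration only (not real assessment data).
SAMPLE_ASSESSMENT = {
    "Governance": {
        "Strategy & Metrics": [[True, True], [True, False], [False, False]],
        "Policy & Compliance": [[True, True], [True, True], [True, True]],
        "Education & Guidance": [[True, False], [False, False], [False, False]],
    },
    "Verification": {
        "Security Testing": [[True, True], [True, True], [False, False]],
    },
}

if __name__ == "__main__":
    card = scorecard(SAMPLE_ASSESSMENT)
    for function, data in card.items():
        print(f"{function}: average {data['average']}")
        for practice, (score, partial) in data["practices"].items():
            print(f"  {practice}: level {score}{'+' if partial else ''}")
    print("Practices below target level 2:")
    for function, practice, score, target in gaps(card, 2):
        print(f"  {function} / {practice}: {score} -> {target}")
```

The `+` marker in the printout flags practices with partial progress toward the next level, which is usually where the cheapest recommended measures are found; the `gaps` list is sorted so the practices furthest from the agreed target level come first.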