OWASP Flagship GitHub Release Follow on Twitter

Software Assurance Maturity Model

Our mission is to provide an effective and measurable way for you to analyze and improve your secure development lifecycle. SAMM supports the complete software lifecycle and is technology and process agnostic. We built SAMM to be evolutive and risk-driven in nature, as there is no single recipe that works for all organizations.

Check out the OWASP SAMM v2 model online:

SAMM Model

Get OWASP SAMM new delivered to your mailbox

Join us on the OWASP SAMM project Slack channel

Join our monthly calls

  • The monthly call is on each 2nd Wednesday of the month at 21h30 CET / 3:30pm ET.
  • Register through our SAMM MeetUp to join the Zoom call.
  • The call is open for everybody interested in SAMM or who wants to work on SAMM.

The Software Assurance Maturity Model (SAMM) is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization. SAMM helps you:

  • Evaluate an organization’s existing software security practices
  • Build a balanced software security assurance program in well-defined iterations
  • Demonstrate concrete improvements to a security assurance program
  • Define and measure security-related activities throughout an organization

Dell uses OWASP’s Software Assurance Maturity Model (Owasp SAMM) to help focus our resources and determine which components of our secure application development program to prioritize., (Michael J. Craigue, Information Security & Compliance, Dell, Inc.)

Get Involved

Involvement in the development of SAMM is actively encouraged!

You do not have to be a security expert in order to help out.

We have written some guidelines on our OWASPP SAMM website on how you can contribute to SAMM.


Please use the Github Issues for feedback:

  • What do like?
  • What don’t you like?
  • How can we make SAMM easier to use?
  • How could SAMM be improved?

Help us translate!

Are you fluent in another language? Can you help translate SAMM into that language?

You can use Crowdin to do that!

Call for SAMM Sponsors

OWASP SAMM and the SAMM v2 release is the open source software security maturity model used to develop secure software for IT, application and software security technologists.

We are seeking sponsors to support OWASP SAMM. All proceeds from the sponsorship support the mission of the OWASP Foundation and the further development of SAMM. Supporting the project drives the funding for research grants, SAMM hosting, tools, templates, documents, promotion, and more.

By sponsoring SAMM, you not only support an important and flagship OWASP project, you will also get visibility during the next SAMM User Conference and recognition on the OWASP SAMM web site and the next releases of SAMM.

For more information: Contact [email protected]

Project Sponsors