OWASP SAMM
OWASP
The Open Worldwide Application Security Project®, or OWASP for short, is a nonprofit foundation that works to improving the global landscape of cyber security. The foundation hosts many (285 at the time of writing) projects related to cyber security, al of which are community-led and open-source.
Image: OWASP foundation
The foundation provides security resources, training and a vibrant community around security. OWASP hosts local chapters which are free and open for anyone to attend. They provide a great opportunity to attend training sessions and talks, while also allowing you to expand your network. I myself attended the Benelux OWASP chapter in Tilburg last year.
OWASP SAMM
The Software Assurance Maturity Model, or SAMM for short is an open-source framework to help software teams start and improve their secure software development lifecycle.
Structure
The model consists out of 5 different business functions. A business function is a group of activities that are relevant to software development companies. Each business function has 3 security practices, which are divided into two streams. Finally, for every security practice there are 3 defined maturity levels.
Image: SAMM Structure © OWASP
The image below gives a clear overview of all the different security practices that are defined in the SAMM model. View the original model image
Image: SAMM Model © OWASP
All the different security practices can be viewed at [https://owaspsamm.org/model/] (the SAMM model overview)
Getting started
SAMM provides a lot of guidance to get started with using the model. A typical approach consists of:
- Going trough the assesment
- Setting the maturity level target
- Create implementation plan
- Roll-out
Consider this only as the starting point, as OWASP SAMM is suited for continuous improvement! The quick start guide provides detailed instructions on how to get started using SAMM.
Further reading and relevant links
- https://owasp.org/
- https://owasp.org/www-project-samm/
- https://owaspsamm.org/model/
- https://www.owaspbenelux.eu/
- https://twitter.com/owaspsamm