index.xml
Lines changed: 1 addition & 1 deletion (+1 -1)
@@ -71,7 +71,7 @@ The first stream focuses on removing any subjectivity from the build process by
71
71
The first stream focuses on establishing a common security baseline to automatically detect so-called &ldquo;low hanging fruit&rdquo;. Progressively customize the automated tests for each application and increase their frequency of execution to detect more bugs and regressions earlier, as close as possible to their inception.</description></item><item><title>Software Dependencies</title><link>https://owaspsamm.org/model/implementation/secure-build/stream-b/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://owaspsamm.org/model/implementation/secure-build/stream-b/</guid><description/></item><item><title>Software Requirements</title><link>https://owaspsamm.org/model/design/security-requirements/stream-a/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://owaspsamm.org/model/design/security-requirements/stream-a/</guid><description/></item><item><title>Strategy and Metrics</title><link>https://owaspsamm.org/model/governance/strategy-and-metrics/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://owaspsamm.org/model/governance/strategy-and-metrics/</guid><description>Software assurance entails many different activities and concerns. Without an overall plan, you might be spending a lot of effort to build in security, while in fact your efforts may be unaligned, disproportional or even counterproductive. The goal of the Strategy and Metrics (SM) practice is to build an efficient and effective plan for realizing your software security objectives within your organization.
72
72
A software security program, that selects and prioritizes activities of the rest of the model, serves as the foundation for your efforts.</description></item><item><title>Stream Guidance</title><link>https://owaspsamm.org/stream-guidance/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://owaspsamm.org/stream-guidance/</guid><description>Guidance per Stream in the model What’s SAMM guidance? SAMM is a prescriptive security maturity model that is technology, process, and organization agnostic. The model fits any software development process, industry or environment. However, thanks to that, the prescriptive advice is high level by design. That&rsquo;s where we bring the guidance documents into play. Their purpose is to provide concrete examples and recommendations to help organizations kickstart their security assurance programme based on SAMM.</description></item><item><title>Supplier Security</title><link>https://owaspsamm.org/model/design/security-requirements/stream-b/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://owaspsamm.org/model/design/security-requirements/stream-b/</guid><description/></item><item><title>Supporters</title><link>https://owaspsamm.org/supporters/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://owaspsamm.org/supporters/</guid><description>Organizations supporting SAMM These are companies and organizations who support and have supported SAMM in a variety of ways.
73
73
For details on how to sponsor SAMM and the benefits of the different levels, see the Sponsor page.
74
-
Gold Silver Bronze</description></item><item><title>System Decommissioning / Legacy Management</title><link>https://owaspsamm.org/model/operations/operational-management/stream-b/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://owaspsamm.org/model/operations/operational-management/stream-b/</guid><description/></item><item><title>Technology Management</title><link>https://owaspsamm.org/model/design/secure-architecture/stream-b/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://owaspsamm.org/model/design/secure-architecture/stream-b/</guid><description/></item><item><title>The Model</title><link>https://owaspsamm.org/model/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://owaspsamm.org/model/</guid><description>Select a language English Français SAMM model overview Gouvernance Conception Implémentation Vérification Opérations Stratégie & Métriques Évaluation de la menace Génération Sécurisée Évaluation de l'architecture Gestion des incidents Politique & Conformité Exigences de Sécurité Déploiement Sécurisé Tests axés sur les exigences Gestion de l'environnement Éducation & Orientation Architecture de Sécurité Gestion des Défauts Tests de sécurité Gestion opérationnelle Introduction The mission of OWASP Software Assurance Maturity Model (SAMM) is to be the prime maturity model for software assurance that provides an effective and measurable way for all types of organizations to analyze and improve their software security posture.</description></item><item><title>The SAMM Benchmark Report</title><link>https://owaspsamm.org/benchmark/benchmark-report/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://owaspsamm.org/benchmark/benchmark-report/</guid><description>Goals The OWASP Software Assurance Maturity Model (SAMM) is rapidly becoming the go-to framework for application security programs, and it’s easy to see why. 
SAMM offers a structured, measurement-driven approach to improving software security. It helps organizations assess and elevate their software security maturity on a scale from 0 to 3. However, many organizations face challenges after completing their initial SAMM assessment. There’s growing interest in understanding how other organizations are progressing, making real-world data one of the hottest topics in the SAMM community.</description></item><item><title>The team</title><link>https://owaspsamm.org/team/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://owaspsamm.org/team/</guid><description>Who is behind SAMM? SAMM is a community-based project and there have been many contributors throughout its history.
74
+
Gold Silver Bronze</description></item><item><title>System Decommissioning / Legacy Management</title><link>https://owaspsamm.org/model/operations/operational-management/stream-b/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://owaspsamm.org/model/operations/operational-management/stream-b/</guid><description/></item><item><title>Technology Management</title><link>https://owaspsamm.org/model/design/secure-architecture/stream-b/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://owaspsamm.org/model/design/secure-architecture/stream-b/</guid><description/></item><item><title>The Model</title><link>https://owaspsamm.org/model/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://owaspsamm.org/model/</guid><description>Select a language English Français SAMM model overview Governance Design Implementation Verification Operations Strategy and Metrics Threat Assessment Secure Build Architecture Assessment Incident Management Policy and Compliance Security Requirements Secure Deployment Requirements-driven Testing Environment Management Education and Guidance Secure Architecture Defect Management Security Testing Operational Management Introduction The mission of OWASP Software Assurance Maturity Model (SAMM) is to be the prime maturity model for software assurance that provides an effective and measurable way for all types of organizations to analyze and improve their software security posture.</description></item><item><title>The SAMM Benchmark Report</title><link>https://owaspsamm.org/benchmark/benchmark-report/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://owaspsamm.org/benchmark/benchmark-report/</guid><description>Goals The OWASP Software Assurance Maturity Model (SAMM) is rapidly becoming the go-to framework for application security programs, and it’s easy to see why. SAMM offers a structured, measurement-driven approach to improving software security. 
It helps organizations assess and elevate their software security maturity on a scale from 0 to 3. However, many organizations face challenges after completing their initial SAMM assessment. There’s growing interest in understanding how other organizations are progressing, making real-world data one of the hottest topics in the SAMM community.</description></item><item><title>The team</title><link>https://owaspsamm.org/team/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://owaspsamm.org/team/</guid><description>Who is behind SAMM? SAMM is a community-based project and there have been many contributors throughout its history.
75
75
The OWASP SAMM community is powered by security knowledgeable volunteers from businesses and educational organizations. This global collective collaborates to create freely-available articles, methodologies, documentation, tools, and technologies.
76
76
The OWASP SAMM Core Team These are the people who are currently part of the Core Team, participating actively in regular meetings and summits, and contributing to the project with their work.</description></item><item><title>Threat Assessment</title><link>https://owaspsamm.org/model/design/threat-assessment/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://owaspsamm.org/model/design/threat-assessment/</guid><description>The Threat Assessment (TA) practice focuses on identifying and understanding of project-level risks based on the functionality of the software being developed and characteristics of the runtime environment. From details about threats and likely attacks against each project, the organization as a whole operates more effectively through better decisions about prioritization of initiatives for security. Additionally, decisions for risk acceptance are more informed, therefore better aligned to the business.
77
77
By starting with simple threat models and building application risk profiles, an organization improves over time.</description></item><item><title>Threat Modeling</title><link>https://owaspsamm.org/model/design/threat-assessment/stream-b/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://owaspsamm.org/model/design/threat-assessment/stream-b/</guid><description/></item><item><title>Training and Awareness</title><link>https://owaspsamm.org/model/Governance/Education%20&%20Guidance/stream-A/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://owaspsamm.org/model/Governance/Education%20&%20Guidance/stream-A/</guid><description/></item><item><title>Training and Awareness</title><link>https://owaspsamm.org/model/governance/education-and-guidance/stream-a/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://owaspsamm.org/model/governance/education-and-guidance/stream-a/</guid><description/></item><item><title>User Day</title><link>https://owaspsamm.org/user-day/2025barcelona/cfp/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://owaspsamm.org/user-day/2025barcelona/cfp/</guid><description>2024 SAMM User Day! The OWASP SAMM team is thrilled to announce its upcoming User Day, as part of Global AppSec Lisbon, on Wednesday, June 26th.
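Review bot: On changed line 74, the `<description>` of the "The Model" item still carries the page's language selector and navigation labels ("Select a language English Français SAMM model overview Governance Design ...") ahead of the actual introduction, so the feed summary depends on which language's labels were rendered, which is exactly what flips here from the French labels ("Gouvernance Conception Implémentation ...") to the English ones. Consider giving that page an explicit summary that starts at "The mission of OWASP Software Assurance Maturity Model (SAMM) ..." so the selector text stays out of index.xml altogether. The same line also moves a line break inside the "The SAMM Benchmark Report" description (from after "it's easy to see why." to after "improving software security."), which looks like unrelated churn worth separating from the label change. Every item on the line, as in the surrounding context, has `<pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate>`, a placeholder date that gives feed readers nothing to order by.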