OWASP SAMM
OWASP SAMM software security maturity 5 functions.
Definition
SAMM v2.1 structure: Governance (Strategy & Metrics, Policy & Compliance, Education & Guidance), Design (Threat Assessment, Security Requirements, Security Architecture), Implementation (Secure Build, Secure Deployment, Defect Management), Verification (Architecture Assessment, Requirements-driven Testing, Security Testing), Operations (Incident Management, Environment Management, Operational Management). Assessment tools available.
Origin
OWASP Foundation, SAMM v1.0 2009 (Pravir Chandra), v1.5 2017, v2.0 2020, v2.1 March 2023.
Usage
Adopted by large enterprises for multi-year AppSec maturity roadmap. Competes with BSIMM (Synopsys / Black Duck).