Merge pull request #305 from aramhovsepyan/main
#303 fix
SebaDele authored Dec 11, 2024
2 parents a1df098 + 57bb84a commit 314506f
Showing 2 changed files with 38 additions and 16 deletions.
31 changes: 22 additions & 9 deletions content/en/benchmark.md
@@ -1,11 +1,24 @@
+++
title = "Benchmark"
description = "Benchmark"
description = "OWASP SAMM Benchmark"
keywords = ["benchmark","what is","questions"]
+++

## Goals
## Benchmark data
### v24.1.1
In September 2024, we released an updated OWASP SAMM Benchmark. The number of data sets remains quite limited (30). The benchmark dataset remains skewed towards large organizations. The SAMM Core team was able to slice the data and provide more granular information. The benchmark data and its interpretations were presented during [SAMM User Day in San Francisco](https://owaspsamm.org/user-day/).

{{< external-link "https://docs.google.com/presentation/d/1ImyrDDOYPV716m-xg6WAxEH2iaGRqjX75FKeXLZEDwo/edit#slide=id.g2f00b646c39_0_0" "Click here to view the SAMM Benchmark dataset v24.1.1">}}.

For further insights and interpretations of the v24.1.1 data we refer to [this blog article](/blog/2024/09/01/).

### v24.1.0
In June 2024, we released the very first OWASP SAMM Benchmark data. Despite the huge interest from the community to have a common benchmark, the number of submitted data sets has been very limited (25). The benchmark is heavily based on data provided by large organizations.
The benchmark data and some of its interpretations were presented during [SAMM User Days in Lisbon](https://owaspsamm.org/user-day/2024lisbon/).

{{< external-link "https://docs.google.com/presentation/d/1rj_TVaOKVKjI9GDdU__aJrKrYqqiXxnXOD3oEUjtdwY/edit#slide=id.g2f00b646c39_0_0" "Click here to view the SAMM Benchmark dataset v24.1.0">}}.

## Goals
### How important is it for your organization to compare against peers?
This question got a 7 or higher reply from 69% of SAMM users during our 2022 questionnaire. Helping our users answer the critical questions “How am I doing?” and “What might be working for other similar organizations?” has been part of our roadmap for quite some time. Now, we’ve made it a priority.
It is our goal to build a database for companies to measure the maturity of their security development practices against the industry based on variables such as verticals and company size. In turn, the information we collect can help the SAMM model evolve based on actual information from the field.
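Review bot: both external-link shortcodes added in the new "Benchmark data" section end with `}}.`, so a stray full stop renders immediately after the link text; drop the trailing period or fold the sentence into the link label. Also worth double-checking the relative blog link `/blog/2024/09/01/` in the v24.1.1 paragraph: the other blog references in this file (e.g. `/blog/2023/05/24/determining-scope-when-implementing-samm/`) include the post slug, and a date-only path may not resolve to the intended article depending on the site's permalink settings.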
@@ -15,31 +28,31 @@ As an added benefit, this project can facilitate research on secure development

## Roles

This initiative can only succeed with the help of the community of SAMM users and [practitioners](/practitioners) that surround the OWASP SAMM project.
This initiative can only succeed with the help of the community of SAMM users and [practitioners](/practitioners) that surround the OWASP SAMM project.
SAMM users and Practitioners help organizations with SAMM assessments and serve as their benchmark data owner. They might be internal to the organization that is submitting data, or external consultants, performing SAMM assessment organizations according to the guidelines you can find in our [Getting started](/guidance/quick-start-guide) page, [Determining Scope](/blog/2023/05/24/determining-scope-when-implementing-samm/) blog post, and {{< external-link "https://owaspsamm.thinkific.com/courses/samm" "Fundamentals Course">}}.
<br/>
<br/>

## Submission process
There are 2 ways of submitting data
* Uploading it to the {{< external-link "https://bit.ly/sammbenchmarksubmission" "Benchmark folder">}}
Please, refer to {{< external-link "https://www.youtube.com/watch?v=zF4k0TXCvGw" "this video">}} for instructions.
Please, refer to {{< external-link "https://www.youtube.com/watch?v=zF4k0TXCvGw" "this video">}} for instructions.

* Sending it by email to [email protected]
* Sending it by email to [email protected]

The data is collected in an anonymous way and covered by the following [terms and conditions](/benchmark-terms-and-conditions). During the submission process we will ask for some metadata. The more information provided, the better the comparative analysis will be.

To help practitioners get permission from their clients or companies to submit datasets, we have created the following {{< external-link "https://docs.google.com/document/d/12Ryo0vwDsCpqJYtOA1FdhKnMl89yPpiJaAaAgopiUbg/edit?usp=sharing" "email template">}}.
<br/>
<br/>
<br/>


## Tapping into the benchmark data
The end-goal of the benchmark initiative is for companies to use the data to measure themselves against their peers in the industry. Our main hurdle at this point is to gather a large enough dataset to guarantee accurate comparisons and maintain full anonymity for the contributing parties.
The end-goal of the benchmark initiative is for companies to use the data to measure themselves against their peers in the industry. Our main hurdle at this point is to gather a large enough dataset to guarantee accurate comparisons and maintain full anonymity for the contributing parties.
As an added benefit, we’ll use the data to prioritize the publication of guidance for streams and activities.
<br/>
<br/>
<br/>


## Updates
We will be updating this page and the process as the project progresses. If you have any questions, please send an email to [email protected]
We will be updating this page and the process as the project progresses. If you have any questions, please send an email to [email protected]
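Review bot: several pairs of visibly identical lines in this hunk (the Roles paragraph, the "this video" instruction, the email bullet, the end-goal paragraph and the Updates sentence) indicate whitespace-only changes, which inflate the diff and hide the substantive edits; consider reverting the whitespace noise or, if trailing spaces are intentional markdown line breaks, noting that in the commit message. While the Roles paragraph is being touched, "performing SAMM assessment organizations according to the guidelines" reads as a garbled phrase and should probably be "performing SAMM assessments for organizations according to the guidelines". Minor: "There are 2 ways of submitting data" is missing its colon, and the stacked `<br/>` tags could be replaced with ordinary paragraph spacing.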
23 changes: 16 additions & 7 deletions content/en/resources/mappings.md
@@ -8,16 +8,25 @@ author = ""
weight = 3
+++

## OpenCRE
## Direct Mappings

The SAMM model pages on the website have links to OpenCRE in every stream. By linking SAMM to {{< external-link "https://www.opencre.org/" "OpenCRE">}}, we’ve made it easier for our users to find relevant and useful resources with every stream, as well as to see how SAMM aligns with other security standards such as NIST SSDF, ISO27K, PCI-DSS, OWASP ASVS, and NIST 800-53.

Learn more in the <b>[OWASP SAMM now connects to OpenCRE](/blog/2023/09/20/owasp-samm-now-connects-to-opencre/)</b> blog post.

## SAMM-NIST SSDF
### Mapping between NIST SSDF and SAMM

In collaboration with NIST, we created mappings based on the {{< external-link "https://csrc.nist.gov/projects/olir" "National Online Informative Reference (OLIR) Program">}}. An Informative Reference shows the relationships between the Reference Document elements (NIST SSDF Tasks) and a Focal Document element (OWASP SAMM Streams). This effectively helps users understand the characterization of the nature of each relationship.

You can find the mapping in <b>{{< external-link "https://docs.google.com/spreadsheets/d/1AsIbEHK_csuYkUx8tSZvHBFlywYZ5wBejfJHi8AvnZM" "this spreadsheet">}}</b>. Note that we created the NIST SSDF to SAMM mapping. The reverse mapping is automatically generated and in the current version it is a crosswalk mapping.

More on this in the <b>[Tackling App Security with SAMM-NIST SSDF Mapping](/blog/2023/02/06/samm-ssdf-mapping/)</b> blog post.
More on this in the <b>[Tackling App Security with SAMM-NIST SSDF Mapping](/blog/2023/02/06/samm-ssdf-mapping/)</b> blog post.

### Mapping between BSIMM 14 and SAMM
The SAMM core team has created mappings between BSIMM 14 and OWASP SAMM standards. You can find the mapping in <b>{{< external-link "https://docs.google.com/spreadsheets/d/1WiQcn7wFzSM8xg78SqkIM1QF2C48jBCYi_N_6kOq174" "this spreadsheet">}}</b>.

### Mapping between IEC-62443-4-1 and SAMM
The SAMM core team has created mappings between IEC-62443-4-1 and OWASP SAMM. You can find the mapping in <b>{{< external-link "https://docs.google.com/spreadsheets/d/1WiQcn7wFzSM8xg78SqkIM1QF2C48jBCYi_N_6kOq174" "this spreadsheet">}}</b>.


## Mappings with OpenCRE

The SAMM model pages on the website have links to OpenCRE in every stream. By linking SAMM to {{< external-link "https://www.opencre.org/" "OpenCRE">}}, we’ve made it easier for our users to find relevant and useful resources with every stream, as well as to see how SAMM aligns with other security standards such as NIST SSDF, ISO27K, PCI-DSS, OWASP ASVS, and NIST 800-53.

Learn more in the <b>[OWASP SAMM now connects to OpenCRE](/blog/2023/09/20/owasp-samm-now-connects-to-opencre/)</b> blog post.
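Review bot: the spreadsheet linked under "Mapping between IEC-62443-4-1 and SAMM" has the same document id as the BSIMM 14 mapping (`1WiQcn7wFzSM8xg78SqkIM1QF2C48jBCYi_N_6kOq174`). If both mappings live in one workbook, say so (for example by naming the tab); otherwise this looks like a copy-paste error and the IEC-62443-4-1 paragraph needs its own link target. Also, "mappings between BSIMM 14 and OWASP SAMM standards" is inconsistent with the IEC paragraph ("between IEC-62443-4-1 and OWASP SAMM"); dropping "standards" keeps the two entries parallel.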
