-
Notifications
You must be signed in to change notification settings - Fork 13
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
0b74e10
commit a639cc8
Showing
193 changed files
with
208 additions
and
206 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -2,7 +2,7 @@ | |
| <img src=https://owaspsamm.org//img/logo-small.png alt="404 Page not found logo" class="visible-xs visible-sm"> | ||
| <span class=sr-only>404 Page not found - go to homepage</span></a><div class=navbar-buttons><button type=button class="navbar-toggle btn-template-main" data-toggle=collapse data-target=#navigation> | ||
| <span class=sr-only>Toggle Navigation</span> | ||
| <i class="fa fa-align-justify"></i></button></div></div><div class="navbar-collapse collapse" id=navigation><ul class="nav navbar-nav navbar-right"><li class=dropdown><a href=/about/>About SAMM</a></li><li class=dropdown><a href=/model/>The model</a></li><li class=dropdown><a href=/resources/>Resources</a></li><li class=dropdown><a href=# class=dropdown-toggle data-toggle=dropdown role=button aria-haspopup=true aria-expanded=false>Guidance <span class=caret></span></a><ul class=dropdown-menu><li><a href=/guidance/quick-start-guide/>Getting started</a></li><li><a href=/assessment/>Assessment</a></li><li><a href=/guidance/agile/>Agile</a></li><li><a href=/benchmarking/>Benchmarking</a></li><li><a href=/stream-guidance/>Stream guidance</a></li></ul></li><li class=dropdown><a href=# class=dropdown-toggle data-toggle=dropdown role=button aria-haspopup=true aria-expanded=false>Community <span class=caret></span></a><ul class=dropdown-menu><li><a href=/blog/>Blog</a></li><li><a href=/user-day/>User Day</a></li><li><a href=/events/>Events</a></li><li><a href=/sponsors/>Sponsors</a></li><li><a href=/references/>References</a></li><li><a href=/practitioners/>Practitioners</a></li><li><a href=/faq/>FAQ</a></li><li><a href=/contributing/>Contributing</a></li><li><a href=/contact/>Contact</a></li></ul></li></ul></div><div class="collapse clearfix" id=search><form class=navbar-form role=search><div class=input-group><input type=text class=form-control placeholder=Search> | ||
| <i class="fa fa-align-justify"></i></button></div></div><div class="navbar-collapse collapse" id=navigation><ul class="nav navbar-nav navbar-right"><li class=dropdown><a href=/about/>About SAMM</a></li><li class=dropdown><a href=/model/>The model</a></li><li class=dropdown><a href=/resources/>Resources</a></li><li class=dropdown><a href=# class=dropdown-toggle data-toggle=dropdown role=button aria-haspopup=true aria-expanded=false>Guidance <span class=caret></span></a><ul class=dropdown-menu><li><a href=/guidance/quick-start-guide/>Getting started</a></li><li><a href=/assessment/>Assessment</a></li><li><a href=/guidance/agile/>Agile</a></li><li><a href=/benchmarking/>Benchmarking</a></li><li><a href=/stream-guidance/>Stream guidance</a></li></ul></li><li class=dropdown><a href=# class=dropdown-toggle data-toggle=dropdown role=button aria-haspopup=true aria-expanded=false>Community <span class=caret></span></a><ul class=dropdown-menu><li><a href=/blog/>Blog</a></li><li><a href=/user-day/>User Day</a></li><li><a href=/team/>The team</a></li><li><a href=/sponsors/>Sponsors</a></li><li><a href=/practitioners/>Practitioners</a></li><li><a href=/faq/>FAQ</a></li><li><a href=/contributing/>Contributing</a></li><li><a href=/contact/>Contact</a></li></ul></li></ul></div><div class="collapse clearfix" id=search><form class=navbar-form role=search><div class=input-group><input type=text class=form-control placeholder=Search> | ||
| <span class=input-group-btn><button type=submit class="btn btn-template-main"><i class="fa fa-search"></i></button></span></div></form></div></div></div></div></header><div id=content><div class=container><div class="col-sm-6 col-sm-offset-3" id=error-page><div class=box><p class=text-center><a href=https://owaspsamm.org/><img src=/img/logo.png alt="404 Page not found logo"></a></p><h3>We are sorry - this page is not here anymore</h3><h4 class=text-muted>Error 404 - Page not found</h4><p class=buttons><a href=https://owaspsamm.org/ class="btn btn-template-main"><i class="fa fa-home"></i>Go to Homepage</a></p></div></div></div></div><footer id=footer><div class=container><div class="col-md-8 col-sm-6"><h4>About us</h4><p>This is an OWASP Project.</br>OWASP is an open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted. All of the OWASP tools, documents, forums, and chapters are free and open to anyone interested in improving application security.</p><div class=social><a href=https://github.com/owaspsamm target=_blank style=opacity:1><i class="fab fa-2x fa-github"></i></a><a href=https://owasp.slack.com/messages/C0VF1EJGH target=_blank style=opacity:1><i class="fab fa-2x fa-slack"></i></a><a href=https://www.linkedin.com/company/owasp-samm/ target=_blank style=opacity:1><i class="fab fa-2x fa-linkedin-in"></i></a><a href=https://twitter.com/OwaspSAMM target=_blank style=opacity:1><i class="fa-brands fa-2x fa-x-twitter"></i></a><a href=https://www.meetup.com/owasp-samm/ target=_blank style=opacity:1><i class="fab fa-2x fa-meetup"></i></a><a href=https://www.youtube.com/channel/UCEZDbvQrj5APg5cEET49A_g target=_blank style=opacity:1><i class="fa fa-2x fa-youtube"></i></a><a href=mailto:[email protected] target=_blank style=opacity:1><i class="fa fa-2x fa-envelope"></i></a></div><hr class="hidden-md hidden-lg hidden-sm"></div><div class="col-md-4 col-sm-6"><a href=https://owasp.org target=_blank><img src=https://owaspsamm.org//img/owasp_logo_1c_w_notext.png alt="404 Page not found"></a></div></div></footer><div id=copyright><div class=container><div class=col-md-12><p class=pull-left>OWASP SAMM is published under the | ||
| <a href=https://creativecommons.org/licenses/by-sa/4.0/>CC BY-SA 4.0 license</a> | ||
| and we share the | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -2,7 +2,7 @@ | |
| <img src=https://owaspsamm.org//img/logo-small.png alt="About us logo" class="visible-xs visible-sm"> | ||
| <span class=sr-only>About us - go to homepage</span></a><div class=navbar-buttons><button type=button class="navbar-toggle btn-template-main" data-toggle=collapse data-target=#navigation> | ||
| <span class=sr-only>Toggle Navigation</span> | ||
| <i class="fa fa-align-justify"></i></button></div></div><div class="navbar-collapse collapse" id=navigation><ul class="nav navbar-nav navbar-right"><li class=dropdown><a href=/about/>About SAMM</a></li><li class=dropdown><a href=/model/>The model</a></li><li class=dropdown><a href=/resources/>Resources</a></li><li class=dropdown><a href=# class=dropdown-toggle data-toggle=dropdown role=button aria-haspopup=true aria-expanded=false>Guidance <span class=caret></span></a><ul class=dropdown-menu><li><a href=/guidance/quick-start-guide/>Getting started</a></li><li><a href=/assessment/>Assessment</a></li><li><a href=/guidance/agile/>Agile</a></li><li><a href=/benchmarking/>Benchmarking</a></li><li><a href=/stream-guidance/>Stream guidance</a></li></ul></li><li class=dropdown><a href=# class=dropdown-toggle data-toggle=dropdown role=button aria-haspopup=true aria-expanded=false>Community <span class=caret></span></a><ul class=dropdown-menu><li><a href=/blog/>Blog</a></li><li><a href=/user-day/>User Day</a></li><li><a href=/events/>Events</a></li><li><a href=/sponsors/>Sponsors</a></li><li><a href=/references/>References</a></li><li><a href=/practitioners/>Practitioners</a></li><li><a href=/faq/>FAQ</a></li><li><a href=/contributing/>Contributing</a></li><li><a href=/contact/>Contact</a></li></ul></li></ul></div><div class="collapse clearfix" id=search><form class=navbar-form role=search><div class=input-group><input type=text class=form-control placeholder=Search> | ||
| <i class="fa fa-align-justify"></i></button></div></div><div class="navbar-collapse collapse" id=navigation><ul class="nav navbar-nav navbar-right"><li class=dropdown><a href=/about/>About SAMM</a></li><li class=dropdown><a href=/model/>The model</a></li><li class=dropdown><a href=/resources/>Resources</a></li><li class=dropdown><a href=# class=dropdown-toggle data-toggle=dropdown role=button aria-haspopup=true aria-expanded=false>Guidance <span class=caret></span></a><ul class=dropdown-menu><li><a href=/guidance/quick-start-guide/>Getting started</a></li><li><a href=/assessment/>Assessment</a></li><li><a href=/guidance/agile/>Agile</a></li><li><a href=/benchmarking/>Benchmarking</a></li><li><a href=/stream-guidance/>Stream guidance</a></li></ul></li><li class=dropdown><a href=# class=dropdown-toggle data-toggle=dropdown role=button aria-haspopup=true aria-expanded=false>Community <span class=caret></span></a><ul class=dropdown-menu><li><a href=/blog/>Blog</a></li><li><a href=/user-day/>User Day</a></li><li><a href=/team/>The team</a></li><li><a href=/sponsors/>Sponsors</a></li><li><a href=/practitioners/>Practitioners</a></li><li><a href=/faq/>FAQ</a></li><li><a href=/contributing/>Contributing</a></li><li><a href=/contact/>Contact</a></li></ul></li></ul></div><div class="collapse clearfix" id=search><form class=navbar-form role=search><div class=input-group><input type=text class=form-control placeholder=Search> | ||
| <span class=input-group-btn><button type=submit class="btn btn-template-main"><i class="fa fa-search"></i></button></span></div></form></div></div></div></div></header><div id=heading-breadcrumbs><div class=container><div class=row><div class=col-md-12><h1>About us</h1></div></div></div></div><div id=content><div class=container><div class=row><div class="col-md-12 samm-page-content"><div><h2 id=what-is-owasp-samm>What is OWASP SAMM?</h2><p>SAMM stands for Software Assurance Maturity Model.</p><p>Our mission is to provide an effective and measurable way for all types of organizations to analyze and improve their software security posture. We want to raise awareness and educate organizations on how to design, develop, and deploy secure software through our self-assessment model. SAMM supports the complete software lifecycle and is technology and process agnostic. We built SAMM to be evolutive and risk-driven in nature, as there is no single recipe that works for all organizations.</p><div class=samm-features><div class=col-md-12><div><div class=col-md-4><div class=box-features><div class=icon><i class="fas fa-ruler"></i></div><h3>Measurable</h3><p>Defined maturity levels across security practices</p></div></div><div class=col-md-4><div class=box-features><div class=icon><i class="fas fa-bullhorn"></i></div><h3>Actionable</h3><p>Clear pathways for improving maturity levels</p></div></div><div class=col-md-4><div class=box-features><div class=icon><i class="fas fa-map-signs"></i></div><h3>Versatile</h3><p>Technology, process, and organization agnostic</p></div></div></div></div></div><p>The OWASP SAMM community is powered by security knowledgeable volunteers from businesses and educational organizations. The global community works to create freely-available articles, methodologies, documentation, tools, and technologies.</p><h2 id=the-owasp-samm-model>The OWASP SAMM Model</h2><p>SAMM is a prescriptive model, an open framework which is simple to use, fully defined, and measurable. The solution details are easy enough to follow even for non-security personnel. It helps organizations analyze their current software security practices, build a security program in defined iterations, show progressive improvements in secure practices, and define and measure security-related activities.</p><p>SAMM was defined with flexibility in mind so that small, medium, and large organizations using any style of development can customize and adopt it. It provides a means of knowing where your organization is on its journey towards software assurance and understanding what is recommended to move to the next level of maturity.</p><p>SAMM does not insist that all organizations achieve the maximum maturity level in every category. Each organization can determine the target maturity level for each Security Practice that is the best fit and adapt the available templates for their specific needs.</p><h2 id=owasp-samm-structure>OWASP SAMM structure</h2><p>SAMM is based around 15 security practices grouped into 5 business functions. Every security practice contains a set of activities, structured into 3 maturity levels. The activities on a lower maturity level are typically easier to execute and require less formalization than the ones on a higher maturity level.</p><div class=responsive-image><img class=img-responsive src=https://owaspsamm.org//img/pages/SAMM_model_structure.svg alt="business function with security practices, security practices with activites"></div><p>At the highest level, SAMM defines five business functions. Each business function is a category of activities that any organization involved with software development must fulfill to some degree.</p><p>Each business function has three security practices, areas of security-related activities that build assurance for the related business function.</p><p>Security practices have activities, grouped in logical flows and divided into two streams. Streams cover different aspects of a practice and have their own objectives, aligning and linking the activities in the practice over the different maturity levels.</p><p>For each security practice, SAMM defines three maturity levels. Each level has a successively more sophisticated objective with specific activities, and more strict success metrics.</p><p>The structure and setup of the SAMM model support</p><ul><li>the assessment of the organization’s current software security posture</li><li>the definition of the organization’s target</li><li>the definition of an implementation roadmap to get there</li><li>prescriptive advice on how to implement particular activities</li></ul><div class=responsive-image><img class=img-responsive src=https://owaspsamm.org//img/pages/SAMM_v2_diagram.svg alt="SAMM v2 model overview"></div><h2 id=useful-links>Useful links</h2><ul><li><a href=/faq>Frequently Asked Questions</a></li><li><a href=/mapping-versions>Mapping versions 1.5 to 2.0</a></li><li><a href=/v1-5>Version 1.5</a></li><li><a href=/acronyms-and-abbreviations>Acronyms and Abbreviations</a></li></ul><hr><p>SAMM is a community-based project. Don’t hesitate to <a href=/contact>contact us</a> with any feedback or questions.</p></div></div></div></div></div><footer id=footer><div class=container><div class="col-md-8 col-sm-6"><h4>About us</h4><p>This is an OWASP Project.</br>OWASP is an open community dedicated to enabling organizations to conceive, develop, acquire, operate, and maintain applications that can be trusted. All of the OWASP tools, documents, forums, and chapters are free and open to anyone interested in improving application security.</p><div class=social><a href=https://github.com/owaspsamm target=_blank style=opacity:1><i class="fab fa-2x fa-github"></i></a><a href=https://owasp.slack.com/messages/C0VF1EJGH target=_blank style=opacity:1><i class="fab fa-2x fa-slack"></i></a><a href=https://www.linkedin.com/company/owasp-samm/ target=_blank style=opacity:1><i class="fab fa-2x fa-linkedin-in"></i></a><a href=https://twitter.com/OwaspSAMM target=_blank style=opacity:1><i class="fa-brands fa-2x fa-x-twitter"></i></a><a href=https://www.meetup.com/owasp-samm/ target=_blank style=opacity:1><i class="fab fa-2x fa-meetup"></i></a><a href=https://www.youtube.com/channel/UCEZDbvQrj5APg5cEET49A_g target=_blank style=opacity:1><i class="fa fa-2x fa-youtube"></i></a><a href=mailto:[email protected] target=_blank style=opacity:1><i class="fa fa-2x fa-envelope"></i></a></div><hr class="hidden-md hidden-lg hidden-sm"></div><div class="col-md-4 col-sm-6"><a href=https://owasp.org target=_blank><img src=https://owaspsamm.org//img/owasp_logo_1c_w_notext.png alt="About us"></a></div></div></footer><div id=copyright><div class=container><div class=col-md-12><p class=pull-left>OWASP SAMM is published under the | ||
| <a href=https://creativecommons.org/licenses/by-sa/4.0/>CC BY-SA 4.0 license</a> | ||
| and we share the | ||
|
|
||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.