OWASP Open SAMMY

Open SAMMY is an open-source Application Security Management tool designed to help organizations systematically assess, plan, and improve their security posture. Open SAMMY provides a structured way to manage OWASP SAMM (Software Assurance Maturity Model) assessments and improvement roadmaps.

How Open SAMMY Helps Organizations

With Open SAMMY, security teams can:

  • Assess: Perform structured evaluations using the OWASP SAMM framework to understand the maturity of their software security practices.
  • Plan: Generate actionable improvement plans based on identified gaps, tailored to organizational goals.
  • Improve: Track progress over time, ensuring continuous enhancement of security capabilities.
  • Demonstrate Improvements: Demonstrate tangible and measurable improvements to the organization and the team.

Key Features

  • OWASP SAMM-Based Assessments – Conduct and manage assessments based on OWASP SAMM to gain insights into current security maturity.
  • Roadmap Planning – Develop data-driven improvement plans to enhance application security processes.
  • Open-Source & Community-Driven – As an OWASP project, Open SAMMY benefits from community contributions and transparency.
  • Percent to Target – Support for the new OWASP SAMM Percent to Target metric that provides a pragmatic answer to the “Not applicable” issue.
  • Upcoming DSOMM Support – Future integration with OWASP DSOMM (DevSecOps Maturity Model) to expand security maturity assessments into DevSecOps.

Why Use Open SAMMY?

  • Tailored for Application Security: Built specifically to align with OWASP SAMM, ensuring comprehensive security maturity management.
  • Extensible & Future-Proof: Designed to support additional frameworks like OWASP DSOMM and other security models.

Get Started with Open SAMMY


Empower your application security journey with Open SAMMY – the open-source tool for managing security maturity with OWASP SAMM and beyond!

Roadmap

  • Support for OWASP DSOMM
  • Translations

Related Projects

OWASP Resources:


Open SAMMY Screenshots

Dashboard

Assessment

Reporting


The OWASP® Foundation works to improve the security of software through its community-led open source software projects, hundreds of chapters worldwide, tens of thousands of members, and by hosting local and global conferences.

Source in GitHub

Open SAMMY Information

  • Incubator Project
  • Code
  • Builder
  • Defender

Leaders
