Owasp SAMM v1.5

OWASPSAMMv1.5

WhatisSAMM?• TheSoftwareAssuranceMaturityModel(SAMM)isanopenframework

tohelporganizationsformulateandimplementastrategyforsoftwaresecuritythatistailoredtothespecificrisksfacingtheorganization.

• TheresourcesprovidedbySAMMwillaidin:– Evaluatinganorganization’sexistingsoftwaresecuritypractices.– Buildingabalancedsoftwaresecurityassuranceprograminwell-defined

iterations.– Demonstratingconcreteimprovementstoasecurityassuranceprogram.– Definingandmeasuringsecurity-relatedactivitiesthroughoutan

organization.

UsingaMaturityModel• Changesmustbeiterative whileworkingtowardlong-termgoals

Anorganization’sbehaviorchangesslowlyovertime

• Asolutionmustenablerisk-basedchoicestailoredtotheorganization

Thereisnosinglerecipethatworksforallorganizations

• Asolutionmustprovideenoughdetails fornon-security-people

Guidancerelatedtosecurityactivitiesmust

beprescriptive

• OWASPSoftwareAssuranceMaturityModel(SAMM)

Overall,mustbesimple,well-defined,andmeasurable

WhySAMM?”Themostthatcanbeexpectedfromanymodelisthatitcansupplyausefulapproximationtoreality:Allmodelsarewrong;somemodelsareuseful.”– GeorgeE.P.Box

ProjectHistory

OpenSAMM1.0

OWASPSAMM1.1

OWASPSAMM1.5

OWASPSAMM2.0

OpenSAMMMarch2009

March2016 February2017 2018-2019

SAMMFramework• ForeachofthefourBusinessFunctions,threeSecurityPracticesaredefined• Thesecuritypracticescoverareasrelevanttosoftwaresecurityassurance

Example:Education&Guidance

Leveldefinitions...• Objective• Activities• Assessment• Results• SuccessMetrics• Costs• Personnel• RelatedLevels

MaturityLevels& AssessmentScoresComprehensivemastery

atscale

Increasedefficiency/effectiveness

Ad-hocprovision

Practiceunfulfilled • Transparentviewoverdifferentlevels• Fine-grainedimprovementsarevisible

Few/Some

AtLeastHalfMany/Most

• ContinuousImprovement

• Iterative

• SmallSteps

ASSESSquestionnaire

GOALgapanalysis

PLANroadmap

IMPLEMENTOWASPresources

SAMMQuickStart

AssessviaWorksheet

AssessviaToolbox

Goal• Gapanalysis• Demonstratingimprovement• Ongoingmeasurement

Plan• Roadmaps:usethe“buildingblocks”

• Templatesfortypicalkindsoforganizations

• Tunethesetoyourowntargets/speed

Implement:150+OWASPresources

DevelopmentGuideCheatSheetsQuickReferenceGuide

WebGoat,iGoat,GoatDroid,AppSecTutorials,TopTen Education TestingGuide

HackademicChallengesRedBook

SAMMToolbox– Interview

SAMMToolbox– Scorecard

SAMMToolbox– Roadmap

SAMMToolbox– RoadmapChart

SAMMProjectRoadmapv2.0(InProgress):• Modelrevision• MoreMetrics!• Applicationtoagile• Roadmapeffortplanning• Benchmarking

Buildthecommunity:• GrowlistofSAMMadopters• Workshopsatconferences• DedicatedSAMMSummit• ContributeAnonResults

Getinvolved• Projectmailinglist/workpackages• Useanddonate(feed)back!• Donateresources• SponsorSAMM

FollowOWASPSAMM

twitter.com/OwaspSAMM

Thankyou!

Questions?brian.glas@nvisium.com

Owasp SAMM v1.5

Software

OWASP SAMM Best Practices, Lessons from the Trenches Seba Deleersnyder seba@owasp.org OpenSAMM project co-leader presentation created together with Bart

version 2.0 OWASP SAMM · 2020. 2. 21. · Startups (1996-2000), Higher Education (1999-2009), Corporate (2009-Present): Software Development / ... • building a balanced software

STATIC AIRCRAFT .mdl MAKER (SAMM) - Version 2stuff4fs.com/Applications/SAMM/Static Aircraft .mdl Maker.pdf · P3Dv2. SAMM does not support new aircraft formats (if any) introduced

OWASP SAMM · 26/02/2020 · on August 21st, 2008 Thanks to sponsorship and feedback from Fortify, we've finished an initial release of the Software Assurance Maturity Model (SAMM)

App#Security?#There#is#ametric#for#that!# - Secure360€¦ · • Based#on#OWASP#So_ware#Assurance# Maturity#Model#(SAMM)# • Uses#SAMM’s#quesDonnaire#for#determining# the#maturity#model#

Väike samm Sinule, suur samm Eestile! · Väike samm Sinule, suur samm Eestile! Eelmistel eurovalimistel otsustas lõpliku valimistulemuse vaid kuus valija hääl! Ärme jäta neid

Software Assurance Maturity Model (SAMM) - OWASP · The Software Assurance Maturity Model (SAMM) is an open framework to help organizations formulate and implement a strategy for

OWASP @ ISCTE-IUL, OWASP e OWASP Portugal

SIM808 GPS Tracker v1.5 user manual - makerfabs GPS Tracker v1.5... · SIM808 GPS Tracker v1.5 user manual Version: v1.5 ... GPRS/GSM Antenna IPX Interface ... channel@makerfabs.com

Samm torpedo-2012-reloaded

OWASP SAMM v1.5 OWASP GoSec - s3.amazonaws.com · •OWASP Software Assurance Maturity Model (SAMM) Overall, must be simple, well-defined, and measurable. Project History OpenSAMM

· ms iso/iec 17025 074 ms iso/iec 17020 calibration 'testing mbas no. 003 samm no. 085 no. 086. samm no. 087 no. 219 samm no. 231 samm no. 240 no. 299 sammno. 474 samm no. 377 a

SAMM - Report progetto

DAS SIG ALS SCHMERZURSACHE - samm.ch · Manuelle Medizin SAMM I MédecineManuelle SAMM I MedicinaManuale SAMM DAS SIG ALS SCHMERZURSACHE Stephan Bürgin -Nikolaus Hoyer Grudlagenwisseninteraktiv

Owasp tools - OWASP Serbia

OWASP SAMM v2.0 - Core Model Document

Update OWASP SAMM€¦ · What is SAMM? The mission of OWASP SAMM is to be the prime maturity model for software assurance that provides an eﬀective and measurable way for all types

SAMM 2.0 - Changing the Role of App. Security...•Why OWASP SAMM? 4 •OWASP SAMM 2.0 Overview. Application Security Challenges • Software development experience is rare among information

OWASP (Membership) and new OWASP Projects · OWASP 7 OWASP

Presentation3projet V1.5