Holistic Review of the Software Lifecycle

The OWASP SAMM (Software Assurance Maturity Model) offers a structured approach to evaluating software development processes and planning targeted improvements. SAMM is technology- and process-agnostic; its aim is to identify and reduce security risks and thereby strengthen trust in the software produced. It looks at the entire software lifecycle: not only the design and implementation of software, but also governance, verification, and the subsequent operation of the application. Through our guided assessment, we help you identify the gaps in your Secure Software Development Lifecycle (SSDLC) and close them in a targeted way using a prioritized implementation roadmap.

Selected references on the subject

The OWASP Software Assurance Maturity Model

OWASP SAMM ...

  • provides an objective and measurable assessment of the current maturity level of your software development processes
  • uncovers weaknesses and areas for improvement in processes
  • helps prioritize security activities
  • enables targeted and efficient improvements to software security
  • can be adapted to the individual needs of the organization.

The model covers the entire software development lifecycle split into five business functions, each of which is further divided into three security practices:

Figure: OWASP SAMM Model from https://owaspsamm.org/release-notes-v2/

The individual business functions are briefly described below.

  • Governance: Processes and activities related to the management and steering of software development activities, covered by the practices Strategy & Metrics, Policy & Compliance, and Education & Guidance. This includes the strategic alignment of the organization, policies and guidelines, metrics for measuring compliance with these guidelines, and employee training.
  • Design: Processes and activities for defining goals and structuring development projects, covered by Threat Assessment, Security Requirements, and Security Architecture. This involves gathering security requirements, creating risk profiles and threat models, and selecting appropriate technologies and security architectures.
  • Implementation: Processes and activities for securely building and shipping software components, covered by Secure Build, Secure Deployment, and Defect Management. The activities in this function usually have the greatest direct impact on the daily work of software developers.
  • Verification: Processes and activities for checking artifacts before their delivery, covered by Architecture Assessment, Requirements-driven Testing, and Security Testing. This includes verifying compliance with security requirements, performing security tests, and regularly reviewing and updating the architecture.
  • Operations: Processes and activities for ensuring security while an application is running, covered by Incident Management, Environment Management, and Operational Management. This includes handling (security) incidents, hardening and regularly patching the runtime environment and its components, protecting data, and decommissioning components after they have reached their end-of-life.

Why get Support from Redguard?

Having an OWASP SAMM review guided by an experienced Redguard consultant helps improve the accuracy, efficiency, and effectiveness of the review. More specifically, this support offers the following advantages:

  • Expert knowledge and experience: Our security specialists possess in-depth knowledge of the OWASP SAMM model and its application across various industries and organizations. With this expertise, they can offer valuable insights and propose proven, solution-oriented methods to ensure the review covers all relevant areas, is effective, and avoids common time-consuming mistakes.
  • Accurate and realistic picture of the current maturity level as an independent third-party: We provide an objective assessment of a company's software security processes, free from internal biases or conflicts of interest.
  • Efficiency and time savings: We accelerate the review process by pre-filling the questionnaire based on provided documents before workshops, allowing us to ask the right questions to gather all relevant information efficiently.
  • Better identification of improvement opportunities: Our security specialists have many years of experience in various areas of (software) security and have access to the expertise of almost 100 other specialists. This experience is leveraged in our assessments to uncover weaknesses and improvement opportunities within your software security processes.
  • Roadmap as a concrete outcome: Our experienced security specialists can help you create a roadmap based on the results of the OWASP SAMM assessment. This roadmap will collaboratively define and prioritize the next steps to improve your maturity level according to your specific needs.

Process of an OWASP SAMM Assessment

Figure: Process of an OWASP SAMM Assessment

Contact us if you'd like to put your Secure Software Development Lifecycle through a holistic review to reach the next level of security.