We will provide a short introduction to OWASP SAMM, which is a flagship OWASP project allowing organizations to bootstrap and iteratively improve their secure software practice in a measurable way.
Seba will explain the SAMM model, consisting of 15 security practices. Every security practice contains a set of activities, structured into 3 maturity levels. The activities on a lower maturity level are typically easier to execute and require less formalization than the ones on a higher maturity level.
At the end we will cover how you can engage with the SAMM community and provide an overview of what happened at our latest SAMM User Day, held on May 27th.
Segment Resources:
- owaspsamm.org/
- github.com/OWASPsamm
- app.slack.com/client/T04T40NHX/C0VF1EJGH
- youtube.com/channel/UCEZDbvQrj5APg5cEET49A_g
- twitter.com/OwaspSAMM
- linkedin.com/company/18910344/admin/
Visit securityweekly.com/asw for all the latest episodes!
Show Notes: securityweekly.com/asw154
- OWASP SAMM - Software Assurance Maturity Model - Sebastian Deleersnyder - ASW #154
- OWASP SAMM - Software Assurance Maturity Model - Sebastian Deleersnyder - ASW Vault
- Ep 111 How to use the Software Assurance Maturity Model (SAMM) to Build Highly Secure Applications
- OWASP SAMM Deep-dive sessions - Implementation | Secure Deployment
- The CERT Software Assurance Framework
- Threat Modeling Playbook by Sebastien Deleersnyder
- OWASP Ottawa August 2020: OWASP DevSecOps Maturity Model
- ALPACA, EA Breach, sprintf Lives, Go Fuzzing, K8s Goat, & OT Basics - ASW #154
- OWASP Vitoria - Setembro/2020
- Cyber Security Expert Gary Rimar and Lee Neubecker Discuss the NIST 800 53 Framework
- OWASP Pro Active Controls 2/10 - Código Seguro #049 | Cássio B. Pereira
- Microsoft SDL - Ciclo de Desenvolvimento Seguro de Software (Introdução)