SAMMY, software assurance maturity model tool

SAMMY is our application security management tool, originally designed to track our internal security posture and activities based on OWASP SAMM. We soon realized that other organizations were looking for a similar solution, so we decided to make SAMMY available for free on our website.

The tool’s efficient workflow quickly attracted interest, and users requested support for additional frameworks. We have since expanded SAMMY to include Disaster Recovery Plan Management based on NIST guidelines, as well as support for ISO 27001 compliance. We’ve also added a feature to export OWASP SAMM assessments to NIST SSDF readiness reports. Our future plans involve adding more models and frameworks to make security management more measurable, actionable, and streamlined.

Want to learn more? Let’s see everything you can do with SAMMY!

Managing your application security following the OWASP SAMM model!

Implement the NIST SSDF Disaster Recovery Plan Guidance!

ISO 27001 compliance management!

Who uses SAMMY?

SAMMY can be used by organizations large and small: anyone who builds software, whether to sell it or to run their own business, and by now who doesn’t? Codific is a small startup of around 20 employees, and the tool was first developed internally for our own use. With the rise of OWASP SAMM, more and more organizations are adopting the tool. For example…

Zebra Technologies

“Spreadsheets are not the way to manage large organizations; you need a solid tool,”

Dr. Jasyn Voshell, director of product security at Zebra Technologies

Can I get started with SAMM & SAMMY right now?

Yes! It’s a free tool. Click here to get started with SAMMY.

If you want to study SAMM first, you can find the PDF of version 2.0 here.

How can I learn more about OWASP SAMM?

Check out the OWASP SAMM training provided by OWASP and delivered by our CEO Dr. Aram Hovsepyan.