SAMMY, software assurance maturity model tool

SAMMY is our application security management tool. It started as an internal tool to keep track of our security posture and activities using OWASP SAMM. We soon noticed that many other organizations were looking for a tool to manage their security posture with OWASP SAMM, so we made the tool freely available on our website.

The workflow in the app is so smooth and efficient that our users asked us to add support for more models. We have added support for Disaster Recovery Plan Management based on the guidance of NIST and support for ISO 27001. We also have a feature to export OWASP SAMM assessments to NIST SSDF readiness reports. In the coming months and years we intend to add many more models and frameworks to make your application security management measurable, actionable and smooth!

Want to learn more? Let’s see everything you can do with SAMMY!

Managing your application security following the OWASP SAMM model!

Implement the NIST SSDF Disaster Recovery Plan Guidance!

ISO 27001 compliance management!

Who uses SAMMY?

SAMMY can be used by organizations large and small: anyone who builds software, either to sell or to run their own business, and by now who doesn’t? Codific is a small startup of around 20 employees, and the tool was first developed internally for our own use. With the rise of OWASP SAMM, more and more organizations are adopting the tool. For example…

Zebra Technologies

“Spreadsheets are not the way to manage large organizations, you need a solid tool,”

Dr. Jasyn Voshell, director of product security at Zebra Technologies

Can I get started with SAMM & SAMMY right now?

Yes! It’s a free tool. Click here to get started with SAMMY.

If you want to study SAMM first, you can find the PDF of version 2.0 here.

How can I learn more about OWASP SAMM?

Check out the OWASP SAMM training provided by OWASP and delivered by our CEO Dr. Aram Hovsepyan.