Codific joins the OWASP SAMM project as a lead sponsor

2 September, 2022

sammy, security by design, threat modeling

Codific’s mission is “Building a simple and safe digital future”. We develop Ed-Tech and HR-Tech solutions by placing usability and software security in the pilot seat of our software development jet. Last year we introduced OWASP SAMM as our Application Security and Assurance program. Moreover, we have also created the SAMMY tool. By leveraging OWASP SAMM, SAMMY allows companies to measure their current security posture, formulate a security improvement strategy tailored to their risk profile, and demonstrate measurable improvements over time. By becoming an OWASP SAMM Leader sponsor we are stoked to formalize our contribution to the project and make the world a more secure place.

Our organization’s strong security posture is largely influenced by our CEO’s background. Aram has a Ph.D. in cybersecurity and has been a privacy threat modeling researcher at the Imec-DistriNet lab of KULeuven in Belgium. Amongst his contributions is the LINDDUN framework, which is now part of NIST and ISO standards for privacy engineering. Motivated to make security more accessible for other organizations, Aram joined the OWASP SAMM core team last year.


Why did we choose to sponsor OWASP SAMM?

Having security in our DNA is clearly not enough, as “you can’t manage what you don’t measure”. Hence it is essential to have the capability to demonstrate our security posture in a measurable way. OWASP SAMM is a Security Assurance program that can help any company formulate and implement a strategy for software security that is tailored to the specific risks facing the organization. Among the myriad of secure software development lifecycle methodologies, SAMM stands out as simple, risk-based, iterative and prescriptive. Codific has adopted OWASP SAMM as its Security Assurance program, and after a period of 9 months we are pleased to share that SAMM has delivered on its promises.

Alongside introducing SAMM, we have developed SAMMY, a SAMM management tool. We immediately took the decision to give back to the community and release SAMMY as a free tool that any organization out there can start using. As a validation of both our efforts and OWASP SAMM, a large multinational corporation has recently signed up for SAMMY to manage their SAMM adoption.

Taking all of these factors into account, it was an obvious choice for Codific to join the OWASP SAMM project as a Leader sponsor alongside security giants such as Toreon, Checkmarx, Fortify and others.