24 Oct

Join Codific at OWASP Global AppSec US 2025

November 3–7, 2025 | Washington D.C., United States
Location: Marriott Marquis Washington, DC

Sessions Not to Miss

Dr. Aram Hovsepyan

Codific
CEO

Aram is the founder and CEO of Codific and a core contributor to OWASP SAMM, with over 15 years of AppSec experience helping organizations embed security into their SDLC. He holds a PhD in cybersecurity from KU Leuven, where his work on LINDDUN influenced both ISO and NIST standards.


Many practitioners struggle to understand how SAMM and DSOMM differ and where they overlap. In this session, we’ll provide a high-level overview of each model, followed by a direct comparison that highlights their unique strengths, intended use cases, and areas of commonality. Using concrete examples, we’ll address common points of confusion and help you decide how these models best fit your organization’s needs.

Drawing on more than 40 hands-on assessments across Fortune 500 and other organizations, Aram reports recurring pitfalls: no shared view of application risk, missing security requirements despite ASVS, superficial or outsourced threat modeling, overreliance on tools like ASPM, opaque metrics with undefined goals, and siloed teams. The session presents concrete examples and SAMM-aligned fixes, equipping attendees with a clear view of what truly makes or breaks application security.

Dr. Dag Flachet

Codific
Co-founder

Dag is a Co-Founder at Codific, holds a PhD in business administration, and is an active member of the OWASP Barcelona Chapter and SAMM Project, where he specializes in mapping SAMM to the Cyber Resilience Act.

November 5, Wednesday 11:30 AM, Room Supreme Court

Stacking Frameworks

In the last year, a lot of organizations have started talking about “stacking frameworks”. By this term we mean using different frameworks at different layers of the organization. A common stack, for example, is NIST CSF at the corporate level, OWASP SAMM at the business unit level, and DSOMM at the dev team level. The purpose of this interactive conversation is to share experiences and have an open discussion about what go-to stacks could look like, and whether scoring (using OpenCRE) should map up, down, both, or not at all.

A Look Back: OWASP Highlights

At Codific, we don’t just attend—we actively shape the OWASP community. Last year, we participated in both Global AppSec Lisbon and Global AppSec San Francisco, where our team and clients shared valuable insights. This year we also participated in Global AppSec Barcelona:

Dr. Aram Hovsepyan

Talk: Automating Security Test Cases Based on ASVS (Lisbon & San Francisco)

Dimitar Raichev (Codific, Secure Software Engineer)

Talk: Bridging Security & Privacy Standards: Harnessing OpenCRE for Effective Mapping (San Francisco)

Dr. Jasyn Voshell (Zebra Technologies, Codific client)

Talk: Maturing SDLC at a Fortune 500 Company Based on OWASP SAMM (San Francisco)

CRA, are we ready? A structured analysis of industry readiness - SAMM User Day talk

Dag Flachet (Codific, Chief Growth Officer)

Talk: CRA, are we ready? A structured analysis of industry readiness (Barcelona)

Turn best practices into measurable actions

Manage your AppSec with SAMMY

SAMMY is a unified platform that helps you translate frameworks into clear, measurable actions. Assess where you stand, create SMART improvement plans, and demonstrate progress with actionable dashboards — all in one unified platform.

Building a Stronger Community

Meetings & Community Calls

Both OWASP SAMM and SAMMY thrive on the power of community. Being part of this ecosystem means staying at the cutting edge of secure software development, sharing insights, and helping shape the future of application security.

Join the conversation, connect with like-minded professionals, and stay up to date on the latest developments:

Become a Recommended Vendor in SAMMY

Since the beginning of 2025, Codific has been actively partnering with select vendors for each security stream within SAMMY. This initiative connects our users with trusted tools and services right at the critical moment when gaps in security processes are identified.

If you offer innovative security solutions and want to showcase your product or service to organizations actively maturing their secure software practices, apply now to join our Recommended Vendor Program.

SAMMY Implementation Partners Program

SAMMY is built entirely in-house by AppSec specialists, but security consultancy requires more capacity than we can handle alone. To bridge this gap, we’ve partnered with top industry consultants—many of whom have contributed to OWASP standards and guidelines—to provide deep expertise and drive SAMMY adoption. These are called our Implementation Partners.

Academic Application Security Program

Since 2025, Codific has been supporting the next generation of cybersecurity professionals through our Academic Application Security Program. This initiative offers students free access to SAMMY, providing hands-on experience with real-world application security tools.
