Manage your AppSec with

SAMMY is a GRC management tool that connects maturity, control and compliance frameworks. SAMMY enables smooth collaboration and transparency across security minded teams.


Good security leads to easy compliance

By tracking and managing your security processes first, compliance becomes easy.

Keep track of your security processes, your security posture and your improvement roadmaps based on the maturity frameworks of your choice.

With the structured inventorisation and documentation of your processes and SAMMY’s framework mappings, any compliance effort is just a few clicks away.

Assessment Types

  • Self-Assessments
  • Top-down Assessments
  • Bottom-up Assessments
  • External Assessments
  • M&A Assessments

The framework you need isn’t here? We can easily add it, just contact us.

Good security leads to effective governance

Clear and transparent overviews of processes, policies and compliance lead to effective governance.

SAMMY maps between maturity frameworks, compliance frameworks and control frameworks in order to avoid duplicate work and duplicate documentation.

The security-first approach ensures a realistic and true representation of reality, linking policies to controls and evidence in the most efficient way.

  • Open CRE Mappings
  • High-Quality Direct Mappings
  • Combination of Both

Good security leads to lower risk.

Mapping out security postures and setting target postures on a team level maximizes the ROI of your investment in reducing risk.

Target postures can be compliance-based or risk-based, taking into account the technological and business context of each scope.

SAMMY provides a library of target postures to guide teams in different contexts and frameworks.

  • 5+ Years Managing AppSec
  • 1 700+ Organizations
  • 70 000+ Assessments

Good security starts with SAMMY

Thousands of organizations use SAMMY to manage their maturity, compliance and control frameworks.

Especially those who aspire to fundamentally improve the security of their products and to have a realistic picture of the different teams and product groups within a larger organization.

Start using SAMMY and simplify your GRC management.

The SAMMY Community

SAMMY not only provides a cutting-edge tool for application security management, but it also contributes to the community in other ways.

Involvement in OWASP SAMMY v2: Open SAMMY

Open SAMMY

The predecessor to the current version of SAMMY was donated to the OWASP Community and is now a community-driven OWASP Project called Open SAMMY.

Open SAMMY is an open-source version of SAMMY that allows organizations to manage their AppSec using OWASP SAMM and very soon, OWASP DSOMM as well.

Open SAMMY is one of many of Codific’s contributions to the OWASP Community. Learn more about Codific @ OWASP.

Our Partner Programs

SAMMY’s Partner Programs bring together organizations from the application security community to drive the shared goal of improving application security.


Implementation Partners Program

SAMMY is built entirely in-house by AppSec specialists, but security consultancy requires more capacity than we can handle alone. To bridge this gap, we’ve partnered with top industry consultants—many of whom have contributed to OWASP standards and guidelines—to provide deep expertise and drive SAMMY adoption. These are called our Implementation Partners.

Want to become an Implementation Partner? Contact us


Recommended Vendors Program

OWASP SAMM is the main framework used in SAMMY, but finding the right vendors to support security maturity can be challenging. To address this, we created the Recommended Vendors Program, carefully selecting vendors whose solutions align with SAMM’s 30 streams. These vendors are vetted based on alignment, ease of use, proven results, and reputation, ensuring SAMMY users get the best support.

Want to become a Recommended Vendor? Apply here

Free Training and Guidance

As AppSec specialists, we give back to the community by offering free, accessible guidance and training. To maximize value, we focus on the AppSec program we know best: OWASP SAMM.


OWASP SAMM Training

Learn OWASP SAMM through specialized training, empowering teams to build and maintain secure software.



OWASP SAMM Guidance

Get expert OWASP SAMM guidance to enhance your security framework and align with industry best practices.


Do you need more?

Would you like to run SAMMY on prem? Integrate with your other tools? Have customized workflows and reports? Or just want to make sure to have an SLA with us?

Free

For small organizations

$0 per user /month (limits apply)

Free features:

  • 3 Users Maximum
  • 3 Scopes
  • 1 Target Scope(s)
  • Standard Reporting (Limited Use)
  • Multiple Assessment Frameworks
  • Mappings with OpenCRE
  • Full Data Privacy

Premium

For growing organizations

$25 per user /month (limits apply)

Everything from Free plus:

  • 10 Users Maximum
  • 10 Scopes
  • 10 Target Scopes
  • Unlimited Standard Reports
  • All Assessment Frameworks
  • Control Frameworks
  • Control Management
  • Premium Direct Mappings
  • Mapping Reports
  • JIRA Integration

Pro

For medium-sized organizations

$65 per user /month (invoiced annually)

Everything from Premium plus:

  • No User Limitation
  • Unlimited Scopes
  • Unlimited Target Scopes
  • Branded Reports
  • Standard Single Sign-On
  • SLA
  • Priority Support

Enterprise

For enterprise organizations

Contact us for a custom quote

Everything from Pro plus:

  • Custom Models
  • Custom Integrations
  • Custom Features
  • Custom Reports
  • Custom Single Sign-On
  • Dedicated / On-Prem Deployment
