Welcome to SAMMY
SAMMY has started out as a management tool for the OWASP SAMM model.
However, it has evolved in the past months to a platform that can support the complete quality management programme at your organization.
SAMMY can work with any model whether it is a security-focused framework (e.g., OWASP SAMM, ISO 27001) or a more generic quality management framework (e.g., ISO 9001).
The models we currently support are as follows:
A mapping between these frameworks is an upcoming feature that will be based on an open source OWASP project, namely OpenCRE.
- OWASP SAMM
- NIST SP 800-34
- NIST Secure Software Development Framework (NIST SSDF) *
- NIST Cyber Security Framework (NIST CSF 2.0) *
- CCB CyberFundamentals Framework *
- ISO27001:2013, ISO27001:2022 *
A mapping between these frameworks is an upcoming feature that will be based on an open source OWASP project, namely OpenCRE.
In a nutshell
All the quality frameworks eventually boil down to a set of basic use-cases that SAMMY supports out-of-the box:- Evaluate the current situation and create a baseline
- Figure out the improvement roadmap whether it is compliance- or quality-first
- Work the improvement plan
- Re-assess
We welcome your feedback
Contact us for a full demo of the SAMMY tool.SAMMY is free tool, however we do require registration. You are not the product, and we will take maximum care to ensure the privacy and security of your data. For the full terms and conditions please have a look at this document: Terms of agreement