SAMMY started out as a management tool for the OWASP SAMM model.
However, over the past months it has evolved into a platform that can support the complete quality management programme at your organization.
SAMMY can work with any model, whether it is a security-focused framework (e.g., OWASP SAMM, ISO 27001) or a more generic quality management framework (e.g., ISO 9001).
The models we currently support are as follows:
* only available in the SAMMY Enterprise Edition
A mapping between these frameworks is an upcoming feature that will be based on an open source OWASP project, namely OpenCRE.
In a nutshell
All quality frameworks eventually boil down to a set of basic use cases that SAMMY supports out of the box:
- Evaluate the current situation and create a baseline
- Figure out the improvement roadmap, whether it is compliance-first or quality-first
- Work the improvement plan
- Re-assess