Originally designed as a management tool for OWASP SAMM, SAMMY has rapidly evolved into a comprehensive platform that can support
your organization’s entire secure software development and application security management program.
Whether you’re focused on security frameworks like ISO 27001 and OWASP SAMM, or broader quality management systems such as ISO 9001, SAMMY is built to adapt.
Our platform offers extensive support for a variety of models, allowing you to seamlessly manage compliance, security, and maturity standards in one place.
Plus, SAMMY goes a step further by providing mappings between different frameworks, helping you navigate the complex landscape of regulations with ease.
Program and maturity frameworks
We have a growing list of supported program and maturity frameworks, standards and models.
Control frameworks
* Some of these may be only supported in the licensed versions
Mappings between frameworks
A mapping between many of these frameworks is readily available. We support 3 types of mappings:
- Standard mappings through OpenCRE.
- High quality direct mappings *.
- Transitive mappings using a combination of a direct mapping and OpenCRE.
More mappings are also available, but only in the licensed versions.
In a nutshell
All the quality frameworks eventually boil down to a set of basic use-cases that SAMMY supports out-of-the box:
- Evaluate the current situation and create a baseline
- Figure out the improvement roadmap whether it is compliance or security first
- Work the improvement plan
- Re-assess
We welcome your feedback
Contact us for a full demo of the SAMMY tool.
SAMMY is free tool, however we do require registration.
You are not the product, and we will take maximum care to ensure the privacy and security of your data.
For the full terms and conditions please have a look at this document:
Terms of agreement