Welcome to SAMMY


SAMMY is our vision of OWASP SAMM as a management process, implemented as a tool. It is an OWASP SAMM tool that aims to reduce the complexity of implementing SAMM in an organization. SAMMY starts with small, quick wins and broadens its scope as buy-in from users grows.

SAMMY is a free tool, but it does require registration. You can also use the fully anonymous lightweight version without any registration (and export your data to the SAMM Toolbox Excel). You are not the product, and we will take maximum care to ensure the privacy and security of your data. For the full terms and conditions, please see this document: Terms of agreement

Core concepts

The main conceptual features in SAMMY are as follows:

  • Splitting up SAMM per stream into separate (ideally independent) processes
  • Ownership allocation throughout the process
  • Limiting the SAMM scope based on progress and weights
  • Supporting documentation/evidence for each stream and maturity level

Our vision of the SAMM workflow is compatible with, but more elaborate than, that of the official OWASP SAMM model. After a SAMM assessment, each stream passes through an optional Validation stage and ends up in either an Improvement or a Complete state.
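As an added illustration of the per-stream workflow described above (not SAMMY's own code), the following Python models a stream with an allocated owner, evidence per maturity level, and the Assessed, optional Validation, Improvement or Complete progression; the state names, the exact transition rules, the evidence-before-Complete check and the sample stream are assumptions.

```python
from dataclasses import dataclass, field
from enum import Enum


class State(Enum):
    ASSESSED = "assessed"        # assessment recorded, waiting for next step
    VALIDATION = "validation"    # optional review of the assessment
    IMPROVEMENT = "improvement"  # gaps found, improvement work planned
    COMPLETE = "complete"        # stream accepted at its current maturity


# Assumed transitions: Validation may be skipped, and an assessment
# (validated or not) finishes in either Improvement or Complete.
TRANSITIONS = {
    State.ASSESSED: {State.VALIDATION, State.IMPROVEMENT, State.COMPLETE},
    State.VALIDATION: {State.IMPROVEMENT, State.COMPLETE},
    State.IMPROVEMENT: set(),
    State.COMPLETE: set(),
}


@dataclass
class Stream:
    practice: str
    stream: str
    owner: str                       # ownership allocated per stream
    state: State = State.ASSESSED
    evidence: dict = field(default_factory=dict)  # maturity level -> documents

    def attach_evidence(self, level: int, document: str) -> None:
        self.evidence.setdefault(level, []).append(document)

    def advance(self, target: State, actor: str, level: int) -> State:
        """Move to `target` only if the actor owns the stream, the transition
        is allowed, and evidence exists for the claimed maturity level."""
        if actor != self.owner:
            raise PermissionError(f"{actor} does not own {self.stream}")
        if target not in TRANSITIONS[self.state]:
            raise ValueError(f"{self.state.value} -> {target.value} not allowed")
        if target is State.COMPLETE and not self.evidence.get(level):
            raise ValueError(f"no evidence for maturity level {level}")
        self.state = target
        return self.state


def demo() -> Stream:
    # Constructed sample: one stream, validated and then completed at level 1.
    s = Stream("Threat Assessment", "Application Risk Profile", owner="alice")
    s.attach_evidence(1, "risk-profile-template.md")
    s.advance(State.VALIDATION, actor="alice", level=1)
    s.advance(State.COMPLETE, actor="alice", level=1)
    return s
```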

We welcome your feedback

We would love to get your feedback on SAMMY, and we will definitely take it into account.

Get in touch with us using the Contact Us form.