SAMMY is our vision behind OWASP SAMM as a management process and tool. SAMMY is an OWASP SAMM tool that aims to reduce the complexity of implementing SAMM in organizations. SAMMY starts with small and quick wins and goes broader as there is more buy-in from the users.
SAMMY is a free tool; however, we do require registration. You can also use the fully anonymous lightweight version without any registration (you can export your data to SAMM Toolbox Excel). You are not the product and we will take maximum care to ensure the privacy and security of your data. For the full terms and conditions, please have a look at this document: Terms of agreement
The main conceptual features in SAMMY are as follows:
Our vision for the SAMM workflow is compatible with, but more elaborate than, that of the official OWASP SAMM model. After a SAMM assessment, each stream passes through an optional Validation stage and ends up in either an Improvement or a Complete state.
We would love to get your feedback on SAMMY and we will definitely take it into account.
Get in touch with us using the Contact Us form.