Welcome to SAMMY


SAMMY has started out as a management tool for the OWASP SAMM model. However it has evolved in the past months to a platform that can support the complete quality management programme at your organization. SAMMY can work with any model whether it is a security-focused framework (e.g., OWASP SAMM, ISO 27001) or a more generic quality management framework (e.g., ISO 9001). The models we currently support are as follows:

* - only available in the SAMMY Enterprise Edition

More importantly, a full mapping between these frameworks is an upcoming feature that will be based on an open source OWASP project, namely OpenCRE.

In a nutshell

All of the quality frameworks eventually boil down to a set of basic use-cases that SAMMY supports out-of-the box:

  • Evaluate the current situation and create a baseline
  • Figure out the improvement roadmap whether it is compliance- or quality-first
  • Work the improvement plan
  • Re-assess
We welcome your feedback
Get in touch with us using the Contact Us form.

SAMMY is free tool, however we do require registration. For the OWASP SAMM model you can also use the fully anonymous lightweight version without any registration (you can export your data to SAMM Toolbox Excel).
You are not the product and we will take maximum care to ensure the privacy and security of your data. For the full terms of conditions please have look at this document: Terms of agreement