Originally designed as a management tool for
OWASP SAMM,
SAMMY has rapidly evolved into a comprehensive platform that can support your organization’s entire secure software development and application security management program.
Whether you’re focused on security frameworks like ISO 27001 and OWASP SAMM, or broader quality management systems such as ISO 9001, SAMMY is built to adapt.
Our platform offers extensive support for a variety of models, allowing you to seamlessly manage compliance, security, and maturity standards in one place.
Plus, SAMMY goes a step further by providing mappings between different frameworks, helping you navigate the complex landscape of regulations with ease.
Frameworks
Here are just a few of the frameworks we currently support:
* Some of these may be only supported in the licensed versions
A mapping between these frameworks is readily available through an open source OWASP project, namely OpenCRE.
More mappings are also available, but only in the licensed versions.
In a nutshell
All the quality frameworks eventually boil down to a set of basic use-cases that SAMMY supports out-of-the box:
- Evaluate the current situation and create a baseline
- Figure out the improvement roadmap whether it is compliance- or quality-first
- Work the improvement plan
- Re-assess