Welcome to SAMMY

SAMMY started out as a management tool for the OWASP SAMM model. However, over the past months it has evolved into a platform that can support the complete quality management programme at your organization. SAMMY can work with any model, whether it is a security-focused framework (e.g., OWASP SAMM, ISO 27001) or a more generic quality management framework (e.g., ISO 9001). The models we currently support are as follows:

* Some of these may only be supported in the licensed versions.

A mapping between these frameworks is readily available through an open-source OWASP project, namely OpenCRE. More mappings are also available, but only in the licensed versions.

In a nutshell

All quality frameworks eventually boil down to a set of basic use cases that SAMMY supports out of the box:
  • Evaluate the current situation and create a baseline
  • Figure out the improvement roadmap, whether it is compliance-first or quality-first
  • Work the improvement plan
  • Re-assess

We welcome your feedback

Contact us for a full demo of the SAMMY tool.

SAMMY is a free tool; however, we do require registration. You are not the product, and we will take maximum care to ensure the privacy and security of your data. For the full terms and conditions, please have a look at this document: Terms of agreement