SAMMY started out as a management tool for the OWASP SAMM model.
However, over the past months it has evolved into a platform that can support the complete quality management programme at your organization.
SAMMY can work with any model, whether it is a security-focused framework (e.g., OWASP SAMM, ISO 27001) or a more generic quality management framework (e.g., ISO 9001).
The models we currently support are as follows:
* Some of these may only be supported in the licensed versions
A mapping between these frameworks is readily available through an open source OWASP project, namely OpenCRE.
More mappings are also available, but only in the licensed versions.
In a nutshell
All the quality frameworks eventually boil down to a set of basic use cases that SAMMY supports out of the box:
- Evaluate the current situation and create a baseline
- Figure out the improvement roadmap, whether it is compliance-first or quality-first
- Work the improvement plan
- Re-assess