SAMMY started out as a management tool for the OWASP SAMM model. However, it has evolved over the past months into a platform that can support the complete quality management programme at your organization. SAMMY can work with any model, whether it is a security-focused framework (e.g., OWASP SAMM, ISO 27001) or a more generic quality management framework (e.g., ISO 9001). The models we currently support are as follows:
More importantly, a full mapping between these frameworks is an upcoming feature that will be based on an open source OWASP project, namely OpenCRE.
All of the quality frameworks eventually boil down to a set of basic use cases that SAMMY supports out of the box:
SAMMY is a free tool; however, we do require registration. For the OWASP SAMM model you can also use the fully anonymous lightweight version without any registration (you can export your data to SAMM Toolbox Excel).
You are not the product, and we will take maximum care to ensure the privacy and security of your data. For the full terms and conditions, please have a look at this document: Terms of agreement