| Version | Releases |
|---|---|
| 1.0 (current), March 25, 2009 | (not available) |

Presentations

- Pravir Chandra: This presentation discusses the motivation for creating OpenSAMM, and then leads into discussion of the structure of the framework. This is followed by a quick tour of the framework in terms of applying the model, and then closes with a little about the ongoing project and goals.
- Joaquin Crespo: This is a Spanish translation of the OpenSAMM 1.0 Overview presentation available for download above. Thanks to Joaquin Crespo for contributing it.
- Hubert Grégoire: This is a French translation of the OpenSAMM 1.0 Overview presentation available for download above. Thanks to Hubert Grégoire and Sebastien Gioria for contributing it.
- Zate Berg: This presentation was created by Zate Berg to present at the OWASP Tampa Chapter Meeting in May 2009. It is a good deck for diving into the high-level structure of each of the areas within the framework.

Tools

- OWASP Summit 2011: This spreadsheet contains an activity-level mapping between OpenSAMM and BSIMM. Note that in some cases, multiple BSIMM activities map to a single SAMM activity (109 in BSIMM map to 72 in SAMM).
- Nick Coblentz: This spreadsheet breaks down the assessment questionnaire from the SAMM framework into assertion statements that can be used to drive assessment interviews.
- Colin Watson: This spreadsheet provides a simple way to capture the data for a SAMM roadmap and automatically generate graphics similar to those that appear in the framework.
- Christian Frichot: This is an easy-to-use spreadsheet containing the assessment questionnaire from the SAMM framework. Features some auto-scoring to make the appearance very polished.
- Jim Weiler: This is a project plan template (MS Project or OpenProj) that captures the activities from the SAMM levels. Useful for copying pieces into existing development project schedules.
- Denim Group: Amongst many features, Vulnerability Manager allows people to track SAMM practices used by different application development teams, store these assessments over time, and build out roadmaps for improvement.

Other

- Pravir Chandra: A collection of the badge graphics (business functions, security practices, and all the levels) exported as transparent PNG files. Useful for building your own docs in the same style as the SAMM document.

| Version | Releases |
|---|---|
| beta (0.1 – 0.99), August 21, 2008 | |

Additional Resources

- Pravir Chandra: This presentation covers the Beta framework that was introduced to collect community feedback and comments. This deck was originally presented at the OWASP AppSec NYC 2008 conference.