Software Assurance Maturity Model (for OWASP Compliance)
Overview
The Software Assurance Maturity Model (SAMM) is an open standard from the Open Web Application Security Project (OWASP) that gives organizations an effective and measurable way to understand and improve their software security posture. Unlike purely code-focused approaches, SAMM takes a holistic view that covers the entire software development lifecycle and the organizational practices around it. By using SAMM, organizations can establish a security baseline, define and prioritize improvement activities, measure progress, and communicate their security maturity to stakeholders.
Review Service
The Rietta team offers a proven process to thoroughly review your application and organization’s development practices, focusing on the hard technical matters critical to your SAMM maturity. This includes evaluating security practices within areas like Secure Build, Deployment, and Software Configuration Management.
We are proud to partner with New Oceans Enterprises, led by Donna Gallaher, to provide a comprehensive solution for your SAMM journey. While our expertise lies in the technical assessment and implementation aspects, New Oceans Enterprises specializes in developing the necessary security policies and addressing other organizational needs crucial for achieving higher SAMM maturity ratings. Their vCISO services further support organizations requiring strategic security leadership. This collaboration ensures a holistic approach to SAMM adoption.
Our process typically involves an initial consultation to understand your current maturity level and goals, an assessment of your development practices and relevant technical controls, a detailed findings report mapped to SAMM maturity levels with actionable recommendations, and collaborative guidance on remediation strategies. Our CEO, Frank Rietta, a life member of OWASP with extensive experience in application security, can provide signed attestation letters or bridge letters to help demonstrate your organization’s current SAMM maturity level to your stakeholders.
Not Authorized by OWASP
Please note that OWASP does not accredit or authorize specific companies to conduct SAMM assessments. Our use of their mark on this page is fair use, intended only to clearly identify the standard that we follow. You are free to read and follow this standard on your own or to use any consultant or contractor of your choice.
Frank Rietta is a life member of OWASP, believes strongly in its mission, and supports the local chapter.
Next Steps
If you'd like to discuss your specific requirements, feel free to schedule a free consultation. We'll provide detailed information about our services and tailor a plan to meet your unique needs. You can reach us at our Atlanta office: +1 (770) 623-2059.