Overview
The OWASP Software Assurance Maturity Model (SAMM) is a framework for assessing and improving an organization's software security practices. It covers the entire software lifecycle, including both in-house development and software acquisition, which makes it applicable to a wide range of enterprises. SAMMwise is an open-source web application built on this model. It provides a simple interface for calculating maturity scores for a project, an enterprise, or an individual, so that users can gauge their software security posture.
SAMMwise is flexible and process-agnostic: it walks users through an interactive assessment and lets them save, reuse, and share the results. Whether you are a developer looking to improve the security of a single project or an organization building a broader software assurance strategy, SAMMwise supports those goals.
Features
Easy Setup: Deploy SAMMwise with Docker using a short sequence of commands, so it can be up and running quickly.
Comprehensive Assessment: Conduct surveys across the five SAMM business functions (Governance, Design, Implementation, Verification, and Operations), making it easy to identify the areas that need improvement.
User-Friendly Interface: The application guides users through the assessment process, ensuring a smooth experience for both technical and non-technical users.
Store and Share Results: Save assessment results in your browser's local storage or download them as JSON files for offline sharing and future reference. Note that local storage is tied to a single browser profile and origin and is lost when site data is cleared, so download the JSON file whenever you need a durable copy.
Visualization of Changes: A previously downloaded JSON result can be re-uploaded and is then displayed graphically in the report, giving a clear view of progress and changes over time.
Project Metadata Entry: Optionally include project metadata in the assessment results, adding meaningful context to the gathered data.
Community Driven: The open-source nature encourages user contributions, with a dedicated path for submitting bug fixes and feature enhancements.