Dated: 03-12-2024

Ch03. Software Security Hardening Fundamentals - Owasp Samm - 1

Software Assurance Maturity Model (SAMM) developed by OWASP
- A guide to building security into software development
- 96 page PDFs
OWASP Software Assurance Maturity Model (SAMM)
- Governance Phase:
  - Strategy & Metrics
  - Education & Guidance
  - Policy & Compliance
Strategy & Metrics:
- Focused on establishing the framework within an organization for a software security assurance program.
- This is the most fundamental step in defining security goals in a way that’s both measurable and aligned with the organization’s real business risk.
Education & Guidance:
- Focused on arming personnel involved in the software lifecycle with knowledge and resources to design, develop, and deploy secure software
- With improved access to information, project teams will be better able to proactively identify and mitigate the specific security risks that apply to their organization.
Policy & Compliance:
- Focused on understanding and meeting external legal and regulatory requirements while also driving internal security standards to ensure compliance in a way that's aligned with the business purpose of the org.
- A driving theme for improvement within this Practice is focus on project-level audits that gather information about the organization's behavior in order to check that expectations are being met.
Lets look at SAMM Construction Phase in the next module

Post Assessments

_ is the main goal of the Education & Guidance phase in SAMMs Governance.

In the Strategy & Metrics phase of SAMMs Governance, what is the primary focus?

In the context of software security: SAMM stands for _