OWASP SAMM

Computer and Network Security

The OWASP SAMM framework helps organizations assess, formulate, and implement a strategy for software security.

About us

Our mission is to provide an effective and measurable way for all types of organizations to analyze and improve their software security posture. We want to raise awareness and educate organizations on how to design, develop, and deploy secure software through our self-assessment model. SAMM supports the complete software lifecycle and is technology and process agnostic. We built SAMM to be evolutive and risk-driven in nature, as there is no single recipe that works for all organizations.

Industry: Computer and Network Security
Company size: 2-10 employees
Type: Nonprofit

Updates

  • Have you already registered for the OWASP® Foundation SAMM user day in Washington, D.C., on November 5th? If you are going to be in Washington, we highly recommend you do! Over the years, we have seen many companies use multiple maturity models. Several combine OWASP SAMM and OWASP DSOMM, with SAMM serving as an AppSec program at the organizational level and DSOMM at a more detailed development team level. This year, we have combined the OWASP SAMM and DSOMM teams for a joint Maturity Model user day. More info and registration here: https://lnkd.in/g9qpGxY Looking forward to seeing you there! The SAMM & DSOMM team

  • The SAMM & DSOMM User Day is coming up, and the agenda is shaping up to be one of our best yet. This year, we’re putting the spotlight on practitioners and users sharing their real-world experiences: ✔️ Tips and tricks for getting the most out of SAMM and DSOMM ✔️ Success stories that show what’s possible ✔️ Honest frustrations and how to overcome them We have also teamed up with the DSOMM project. Together, the core teams will explore the similarities and differences between the two frameworks. Expect lively discussions, valuable insights, and practical takeaways you can apply in your own work. And yes, we’ll also be unveiling the latest SAMM benchmark numbers, allowing you to quickly fact-check how you compare with other organizations worldwide! Looking forward to seeing you there. 👉 Agenda and registration link are in the comments.

  • Now the vacation is (almost) over, it's time to get ready for some interesting upcoming events. Mark your calendar for the 5th of November for a combined SAMM and DSOMM User Day, as part of OWASP's Global AppSec in Washington DC. We’ll be spending the day sharing experiences, exploring real-world use of SAMM and DSOMM, and learning from each other about how to advance software security maturity. If you have an interesting SAMM and/or DSOMM story to tell, please consider submitting a presentation. The call is still open until the 15th of September. The link is in the comments section.

  • OWASP SAMM reposted this

    Clemens Hübner

    Tech Lead Software Security at inovex GmbH

    A huge milestone for me! My first article in a trade journal is out 🤩 I had the chance to write in Java Magazin about a topic that is especially close to my heart: "Softwareprodukte sicher entwickeln" ("Developing software products securely"). Especially with the upcoming Cyber Resilience Act (CRA) in view, this is more important than ever, but apart from that there are also many good reasons for teams and companies to look into it. In the article I explain why security pays off and how tailored security measures can be established in the development process. Spoiler: it's not about putting a euro figure on the "return on investment", but rather about keeping in mind the costs of doing nothing: loss of reputation, lost revenue, or costly and time-consuming fixes. I think we all know enough prominent examples. A central point of the article is OWASP SAMM - the Software Assurance Maturity Model. A great reference framework for assessing the maturity of your own security practices and improving them step by step. I cover the various business functions such as Governance, Design, Implementation, Verification and Operations, and use concrete examples such as threat modeling to show how to get from level 0 to level 3. It's also about seeing security activities not as one-off tasks but integrating them continuously into everyday development. Whether periodic checks or triggers from other process steps - the main thing is that it becomes a habit! I'm really excited to hear your feedback and opinions! Have you already had experience with OWASP SAMM, or are you currently facing similar challenges? Let's discuss in the comments! 👇 #SoftwareSecurity #AppSec #SecureDevelopment #OWASPSAMM #CyberResilienceAct

  • We are excited to announce our upcoming User Day, this time teaming up with DSOMM, as part of Global AppSec USA (Washington, DC), on November 5th, 2025. We’ll be spending the day sharing experiences, exploring real-world use of SAMM and DSOMM, and learning from each other about how to advance software security maturity. Whether you’re deep into assessments or just getting started, we’d love to hear your perspective. We have an open call for presentations. Come and share your story! See the link in the comments section.

  • We're taking a break from our SAMM community calls for a summer siesta in July and August! 🏖️ You can relive all the incredible moments from our latest SAMM User Day in Barcelona by checking out the recordings and presentation downloads here: https://lnkd.in/g9qpGxY. Feeling inspired? Our Call for Topics for the Washington D.C. event in November is wide open, so send us your brilliant ideas! And if you haven't already, visit our Meetup page and register to receive notifications when our community calls kick off again in September: https://lnkd.in/d5V38saQ. You won't want to miss it!
