SAMM (Software Assurance Maturity Model) is an OWASP project that provides a well-structured strategy and guidelines for integrating security into software development processes.
In the 7th issue of Web Security Magazine, published by OWASP-Turkey, I wrote an introductory article on SAMM. In this article, I focused mainly on the following topics:
- What is SAMM and what are its main aims?
- How is SAMM structured? What are its main components (i.e. business functions, security practices, maturity levels, security activities)?
- What are the 4 business functions (i.e. governance, construction, verification, deployment)?
- What are the 12 security practices (i.e. strategy & metrics, policy & compliance, education & guidance, threat assessment, security requirements, secure architecture, design review, code review, security testing, vulnerability management, environment hardening, operational enablement)?
- How do you apply SAMM within development projects? What are the main SAMM documents/tools (e.g. assessment worksheet, scorecards, roadmap template)?
The article is in Turkish and you can read it at this link. You can also download it as a PDF from the Publications section of this blog.
If you are interested in SAMM and need more information, I would suggest visiting the following links (these resources are for SAMM 1.0, the version the article covers):
- SAMM web site: www.opensamm.org
- Detailed structure of SAMM: http://www.opensamm.org/downloads/SAMM-1.0.pdf
- SAMM Assessment Worksheet: http://www.opensamm.org/downloads/resources/20090925-SAMM-Assessment-v0.4.xls
- SAMM Roadmap Template: http://www.opensamm.org/downloads/resources/20090610-Samm-roadmap-chart-template.xls