Overview

SAMM compliance refers to adhering to the guidelines set by the Software Assurance Maturity Model (SAMM), a framework developed by the Open Web Application Security Project (OWASP). SAMM helps organizations assess and improve their software security practices by evaluating their maturity level across different security aspects, so they can identify areas for improvement and work towards a higher level of software security compliance. In short, it means actively working to achieve a mature and robust software security posture according to the SAMM model.

Maturity levels

The framework defines maturity levels for each of its security practices, so an organization can measure its current state per practice and track progress towards a higher level of security over time.

SAMM groups its security practices into five business functions: Governance, Design, Implementation, Verification, and Operations. This grouping gives a structured approach to security assessment, since each function can be scored and improved on its own.
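As an added illustration (not code from OWASP or the SAMM project), the script below rolls an assessment of per-practice maturity levels up into per-function scores and a gap report against a target level. The business function and practice names are the published SAMM v2 ones; the 0 to 3 level scale, the simple averaging used for the roll-up and the assessed levels in `SAMPLE_ASSESSMENT` are assumptions made for this example, not SAMM's official scoring rules.

```python
from statistics import mean
from typing import Dict, List, NamedTuple

# SAMM v2 business functions and the three practices under each.
SAMM_FUNCTIONS: Dict[str, List[str]] = {
    "Governance": ["Strategy & Metrics", "Policy & Compliance", "Education & Guidance"],
    "Design": ["Threat Assessment", "Security Requirements", "Security Architecture"],
    "Implementation": ["Secure Build", "Secure Deployment", "Defect Management"],
    "Verification": ["Architecture Assessment", "Requirements-driven Testing", "Security Testing"],
    "Operations": ["Incident Management", "Environment Management", "Operational Management"],
}

MAX_LEVEL = 3  # assumed scale: 0 = nothing in place, 3 = fully mature

# Constructed sample assessment: one maturity level per practice (made-up values).
SAMPLE_ASSESSMENT: Dict[str, int] = {
    "Strategy & Metrics": 1, "Policy & Compliance": 2, "Education & Guidance": 1,
    "Threat Assessment": 0, "Security Requirements": 1, "Security Architecture": 1,
    "Secure Build": 2, "Secure Deployment": 2, "Defect Management": 1,
    "Architecture Assessment": 0, "Requirements-driven Testing": 1, "Security Testing": 2,
    "Incident Management": 1, "Environment Management": 2, "Operational Management": 1,
}


class Gap(NamedTuple):
    function: str
    practice: str
    current: int
    target: int
    gap: int


def validate(assessment: Dict[str, int]) -> None:
    """Reject unknown practices, missing practices and out-of-range levels."""
    known = {p for practices in SAMM_FUNCTIONS.values() for p in practices}
    unknown = set(assessment) - known
    if unknown:
        raise ValueError(f"unknown practices: {sorted(unknown)}")
    missing = known - set(assessment)
    if missing:
        raise ValueError(f"unassessed practices: {sorted(missing)}")
    for practice, level in assessment.items():
        if not isinstance(level, int) or not 0 <= level <= MAX_LEVEL:
            raise ValueError(f"{practice}: level {level!r} outside 0..{MAX_LEVEL}")


def function_scores(assessment: Dict[str, int]) -> Dict[str, float]:
    """Average maturity level of the practices under each business function."""
    validate(assessment)
    return {
        function: mean(assessment[p] for p in practices)
        for function, practices in SAMM_FUNCTIONS.items()
    }


def overall_score(assessment: Dict[str, int]) -> float:
    """Average maturity level across all practices."""
    validate(assessment)
    return mean(assessment.values())


def gap_report(assessment: Dict[str, int], target: int) -> List[Gap]:
    """Practices below the target level, largest gap first (stable order otherwise)."""
    validate(assessment)
    if not 0 <= target <= MAX_LEVEL:
        raise ValueError(f"target {target} outside 0..{MAX_LEVEL}")
    gaps = [
        Gap(function, p, assessment[p], target, target - assessment[p])
        for function, practices in SAMM_FUNCTIONS.items()
        for p in practices
        if assessment[p] < target
    ]
    return sorted(gaps, key=lambda g: g.gap, reverse=True)


if __name__ == "__main__":
    for function, score in function_scores(SAMPLE_ASSESSMENT).items():
        print(f"{function:<15} {score:.2f} / {MAX_LEVEL}")
    print(f"{'Overall':<15} {overall_score(SAMPLE_ASSESSMENT):.2f} / {MAX_LEVEL}")
    for g in gap_report(SAMPLE_ASSESSMENT, target=2):
        print(f"  gap {g.gap}: {g.function} / {g.practice} (level {g.current}, target {g.target})")
```

Running the script prints one line per business function and then the practices furthest from the target, which is the ordering a roadmap would normally start from; swapping `SAMPLE_ASSESSMENT` for real assessment results is the only change needed to reuse it.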