Download

Version
Releases
1.0
(current)
March 25, 2009
Japanese
xml (not available)
Presentations
ppt
Pravir Chandra
This presentation discusses the motivation for creating OpenSAMM, and then leads into discussion of the structure of the framework. This is followed by a quick tour of the framework in terms of applying the model, and then closes with a little about the ongoing project and goals.
ppt
This is a Spanish translation of the OpenSAMM 1.0 Overview presentation available for download above. Thanks to Joaquin Crespo for contributing it.
ppt
This is a French translation of the OpenSAMM 1.0 Overview presentation available for download above. Thanks to Hubert Grégoire and Sebastien Gioria for contributing it.
ppt
This presentation was created by Zate Berg to present at the OWASP Tampa Chapter Meeting in May 2009. It is a good deck for diving into the high-level structure of each of the areas within the framework.
Tools
xls
OWASP Summit 2011
This spreadsheet contains an activity-level mapping between OpenSAMM and BSIMM. Note that in some cases, multiple BSIMM activities map to a single SAMM activity (109 in BSIMM map to 72 in SAMM).
xls
This spreadsheet breaks down the assessment questionnaire from the SAMM framework into assertion statements that can be used to drive assessment interviews.
xls
Colin Watson
This spreadsheet provides a simple way to capture the data for a SAMM roadmap and automatically generate graphics similar to those that appear in the framework.
xls
Christian Frichot
This is an easy-to-use spreadsheet containing the assessment questionnaire from the SAMM framework. Features some auto-scoring to make the appearance very polished.
zip
This is a project plan template (MS Project or OpenProj) that captures the activities from the SAMM levels. Useful for copying pieces into existing development project schedules.
link
Denim Group
Amongst many features, Vulnerability Manager allows people to track SAMM practices used by different application development teams, store these assessments over time, and build out roadmaps for improvement.
Other
zip
Pravir Chandra
A collection of the badge graphics (business functions, security practices, and all the levels) exported as transparent PNG files. Useful for building your own docs in the same style as the SAMM document.
Version
Releases
beta
(0.1 – 0.99)
August 21, 2008
Additional Resources
ppt
Pravir Chandra
This presentation covers the Beta framework that was introduced to collect community feedback and comments. This deck was originally presented at the OWASP AppSec NYC 2008 conference.