Project Lead

Pravir Chandra


This work would not be possible without the support of many individual reviewers and experts who offered contributions and critical feedback. They are (in alphabetical order):

Fabio Arciniegas
Matt Bartoldus
Sebastien Deleersnyder
Jonathan Carter
Darren Challey
Brian Chess
Dinis Cruz
Justin Derry
Bart De Win
James McGovern
Matteo Meucci
Jeff Payne
Gunnar Peterson
Jeff Piper
Andy Steingruebl
John Steven
Chad Thunberg
Colin Watson
Jeff Williams


The Software Assurance Maturity Model (SAMM) was originally developed, designed, and written by Pravir Chandra (chandra-at-owasp-dot-org), an independent software security consultant. Creation of the first draft was made possible through funding from Fortify Software, Inc. This document is currently maintained and updated through the OpenSAMM Project led by Pravir Chandra. Since the initial release of SAMM, this project has become part of the Open Web Application Security Project (OWASP).