Secure Coding mailing list archives
SAMM 1.0 Released! | OpenSAMM
From: chandra at list.org (Pravir Chandra)
Date: Wed, 25 Mar 2009 11:55:06 -0700
Hey Ken. Thanks for sending this out.

I've mentioned it before, but today I'm proud to announce that the Software Assurance Maturity Model (SAMM) version 1.0 has been released and is freely available for download from http://www.opensamm.org

For those unfamiliar, SAMM is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization. The resources provided by SAMM will aid in:

* Evaluating an organization's existing software security practices
* Building a balanced software security program in well-defined iterations
* Demonstrating concrete improvements to a security assurance program
* Defining and measuring security-related activities within an organization

SAMM was defined with flexibility in mind such that it can be utilized by small, medium, and large organizations using any style of development. Additionally, this model can be applied organization-wide, for a single line-of-business, or even for an individual project.

As an open project, SAMM content shall always remain vendor-neutral and freely available for all to use.

The project has received a huge amount of attention and is keeping me busy, but we're always open to more feedback and supporters.

Thanks!

p.

On Wed, Mar 25, 2009 at 8:09 AM, Kenneth Van Wyk <ken at krvw.com> wrote:
Good news today from the Software Assurance Maturity Model (SAMM) group.

http://www.opensamm.org/2009/03/samm-10-released/

Their release says:

"The Beta release has been out for quite a while now (since August 2008) and lots of organizations and individuals have provided excellent feedback to help improve the model. I've heard lots of stories from people using SAMM (some are consulting firms, and some are development organizations) and that feedback has been some of the most valuable.

This release marks the official 1.0 version of SAMM and there's a few new pieces added:

* Executive summary and introduction to the model
* Improved details on applying the model to solve problems
* Assessment worksheets for evaluating existing programs
* Roadmaps for financial services and government organizations
* Improvements and refinements to the model (I'll cover changes individually in separate posts)

Many thanks to the individual reviewers and the organizations that have volunteered time to help improve SAMM. I look forward to more active participants as we push forward with some of the future development plans for SAMM."

Cheers,

Ken

-----
Kenneth R. van Wyk
KRvW Associates, LLC
http://www.KRvW.com

_______________________________________________
Secure Coding mailing list (SC-L) SC-L at securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________
--
~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~ ~~~~~~~~ ~~~~~ ~~~ ~~ ~
Pravir Chandra
chandra<at>list<dot>org
PGP: CE60 0E10 9207 7290 06EB 5107 4032 63FC 338E 16E4
~ ~~ ~~~ ~~~~~ ~~~~~~~~ ~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~