Secure Coding mailing list archives

SAMM 1.0 Released! | OpenSAMM


From: chandra at list.org (Pravir Chandra)
Date: Wed, 25 Mar 2009 11:55:06 -0700

Hey Ken.

Thanks for sending this out. I've mentioned it before, but today I'm
proud to announce that the Software Assurance Maturity Model (SAMM)
version 1.0 has been released and is freely available for download
from http://www.opensamm.org

For those unfamiliar, SAMM is an open framework to help organizations
formulate and implement a strategy for software security that is
tailored to the specific risks facing the organization. The resources
provided by SAMM will aid in:

* Evaluating an organization's existing software security practices
* Building a balanced software security program in well-defined iterations
* Demonstrating concrete improvements to a security assurance program
* Defining and measuring security-related activities within an organization

SAMM was defined with flexibility in mind such that it can be utilized
by small, medium, and large organizations using any style of
development. Additionally, this model can be applied
organization-wide, for a single line-of-business, or even for an
individual project.

As an open project, SAMM content shall always remain vendor-neutral
and freely available for all to use. The project has received a huge
amount of attention and is keeping me busy, but we're always open to
more feedback and supporters.

Thanks!

p.

On Wed, Mar 25, 2009 at 8:09 AM, Kenneth Van Wyk <ken at krvw.com> wrote:
Good news today from the Software Assurance Maturity Model (SAMM) group.

http://www.opensamm.org/2009/03/samm-10-released/

Their release says:

"The Beta release has been out for quite a while now (since August 2008) and
lots of organizations and individuals have provided excellent feedback to
help improve the model. I've heard lots of stories from people using SAMM
(some are consulting firms, and some are development organizations) and that
feedback has been some of the most valuable. This release marks the official
1.0 version of SAMM and there's a few new pieces added:

   * Executive summary and introduction to the model
   * Improved details on applying the model to solve problems
   * Assessment worksheets for evaluating existing programs
   * Roadmaps for financial services and government organizations
   * Improvements and refinements to the model (I'll cover changes
individually in separate posts)

Many thanks to the individual reviewers and the organizations that have
volunteered time to help improve SAMM. I look forward to more active
participants as we push forward with some of the future development plans
for SAMM."



Cheers,

Ken

-----
Kenneth R. van Wyk
KRvW Associates, LLC
http://www.KRvW.com






_______________________________________________
Secure Coding mailing list (SC-L) SC-L at securecoding.org
List information, subscriptions, etc - http://krvw.com/mailman/listinfo/sc-l
List charter available at - http://www.securecoding.org/list/charter.php
SC-L is hosted and moderated by KRvW Associates, LLC (http://www.KRvW.com)
as a free, non-commercial service to the software security community.
_______________________________________________





-- 
~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~ ~~~~~~~~ ~~~~~ ~~~ ~~ ~
Pravir Chandra                      chandra<at>list<dot>org
PGP:    CE60 0E10 9207 7290 06EB   5107 4032 63FC 338E 16E4
~ ~~ ~~~ ~~~~~ ~~~~~~~~ ~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~


