Is there a software security assurance program already in place?
Are development staff aware of future plans for the assurance program?
Do the business stakeholders understand your organization's risk profile?
Are most of your applications and resources categorized by risk?
Are risk ratings used to tailor the required assurance activities?
Do most of the organization's members involved know what's required based on risk ratings?
Is per-project data for the cost of assurance activities collected?
Does your organization regularly compare your security spend with that of other organizations?

The Software Assurance Maturity Model (SAMM) is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization. With the self-assessment test above you can get a very quick overview of the status of the IT security related processes within your organization. SAMM is an OWASP project.

Contact us if you need a full SAMM assessment or need help to lower your cyber security risks.

About this SAMM Self Assessment test:

The Software Assurance Maturity Model (SAMM) was originally developed, designed, and written by Pravir Chandra (chandra@owasp.org). This WordPress plug-in contains slightly modified SAMM questions and is limited in length. This SAMM Self Assessment test WordPress plug-in is open source. You can use it or improve it! You can find the source code and installation instructions on the SAMM GitHub page.