
OWASP SAMM v1.5 Helps Organizations Improve Their Security Posture

BEL AIR, Maryland, April 14, 2017 /PRNewswire/ -- According to a recent study published by SANS, 23% of respondents said that applications were the source of actual breach, data loss and attacks on others, and only 25% of the respondents believe they have a mature application security program.

The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks. Everyone is free to participate in OWASP and all of our materials are available under a free and open software license. OWASP does not endorse or recommend commercial products or services.

OWASP SAMM v1.5 is built to help organizations formulate and implement a strategy for software security that is tailored to organization-specific risks. With SAMM v1.5, organizations can accurately evaluate their existing software security practices and steadily improve their security posture over time in well-defined iterations designed to meet their unique needs. The new SAMM scoring model helps demonstrate concrete improvements to security-related activities throughout an organization. SAMM is one of the very few mature and open resources available to help organizations measure and build software security programs.

"Our main goal for version 1.5 was to support our large user community by incorporating their feedback and improving the measurement system of the model," says Bart De Win, co-project leader of OWASP SAMM.

OWASP SAMM v1.5 improves the granularity of scoring, allowing partial credit for achieving maturity benchmarks. This, coupled with the matching scoring system, makes it easy to see maturity improvements from projects and initiatives on a dashboard. SAMM project co-lead Brian Glas notes, "One of the main benefits of the updated scoring model is that you can visibly see improvement to your maturity score on the dashboard as initiatives are completed. This can go a long way in building support for your Application Security Program."

Version 1.5 has enhanced explanations of the maturity model, with worksheets and guidance containing example case studies that allow organizations not only to understand where they are, but also to understand what has worked (and what hasn't) for others in similar scenarios. This is a continuing effort, with more improvements expected in v2.0. Implementing SAMM is easier with a new Quick Start guide and Tool Box that includes interview forms and the ability to generate roadmaps, charts, and graphs. The increased ease of adoption has led some companies to begin evaluation with v1.5 despite recent setup of v1.1. Mike Craigue from Dell Cybersecurity explains, "We've already started using version 1.5 of the tool internally, and we've gotten an enthusiastic response to the enhanced scoring and easy-to-generate charts."

The OWASP SAMM project leaders are Sebastien Deleersnyder, Bart De Win, and Brian Glas.

To learn more, visit https://www.owasp.org/index.php/SAMM

Follow OWASP SAMM on Twitter: @owaspsamm
For additional information, contact owasp.foundation@owasp.org

Photo - http://mma.prnewswire.com/media/484774/OWASP_Foundation_Logo.jpg