OWASP SAMM 2 - Your Dynamic Software Security Journey

Explore the OWASP Software Assurance Maturity Model (SAMM) 2.0 in this comprehensive conference talk by John Ellingsworth. Gain insights into SAMM principles, project history, and the adaptable approach of this dynamic software security framework. Learn about the differences between SAMM versions 1.5 and 2.0, understand maturity levels and scoring methodologies, and discover the SAMM v2 assessment toolbox. Delve into critical success factors and explore various tools of the trade, including the OWASP SAMM Toolkit, SAMM 2.0 Calculator, and SAMM 2.0 Dashboard. Examine other OWASP Maturity Models and learn how to leverage Google Sheets, Forms, and Data Studio for assessments. Conclude with an overview of the Assessment Toolbox Roadmap to enhance your organization's software security journey.

Intro
John Ellingsworth
What is SAMM?
SAMM principles
Project history
Adaptable Approach
SAMM versions 1.5 and 2.0
Maturity levels and scoring
SAMM v2 assessment toolbox
Critical success factors
Tools of the Trade
OWASP SAMM Toolkit - MS Excel
SAMM 2.0 Calculator: ConcordUSA
SAMM 2.0 Dashboard: Sathish Ashwin
OWASP Maturity Models
Google Sheets
Google Forms & Data Studio
Assessment Toolbox Roadmap