This document provides an overview of the open Software Assurance Maturity Model (openSAMM). It explains that openSAMM is an open framework to help organizations formulate and implement a strategy for software security tailored to their specific risks. It describes openSAMM's four business functions and three security practices for each function. For each level of maturity, openSAMM defines objectives, activities, results, success metrics, costs, personnel needs, and related levels. The document outlines a four-step process for using openSAMM that includes performing a gap assessment, creating a roadmap, executing the roadmap with periodic reviews, and moving to the next level of maturity.

1. http://digitalcatharsis.files.wordpress.com/2008/10/sleeping-man_ml.jpg
Good Morning

2. openSAMM
{
Why & How?

3. http://api.ning.com/files/OMGuiScfW0WEzLqgZ-vEG1Gocfg9TzXJ*3p8tfJVh6piUZb380lsGCXDJa0aFePIDX7qFwM16dSET5kxHSYqOcFNjdBtZiK/elephant.jpg

4. http://30dom.com/wp-content/uploads/2013/11/olympic-weight-lifting-wallpaperli-xueying-weightlifting-olympic--china-photos-and-wallpapers-nusxdel.jpg

5. http://www.veracode.com/blog/wp-content/uploads/2013/06/bug-bounty-programs.jpg

6. https://www.owasp.org/images/thumb/f/ff/Security_in_the_SDLC_Process.png/600px-Security_in_the_SDLC_Process.png

7. http://devpolicy.org/wp-content/uploads/2013/08/Value-for-money.jpg

8. http://www.rms.net/roi_investreturn.gif

9. http://www.shipulski.com/wp-content/uploads/2012/06/Impossible.jpeg

10. https://s3.amazonaws.com/pbblogassets/uploads/2013/04/donkey-pulling-cart.jpg

11. http://www.you-stylish-barcelona-apartments.com/blog/wp-content/uploads/2010/09/what-to-do.JPG.jpeg

12. 


Classification system for a set of processes /
function
Shows characteristics of processes over
different levels
Examples



CMMI (DEV, SVC, ACQ)
SSE-CMM
BSIMM, openSAMM, etc
Maturity Models

14. 


Open Software Assurance Maturity Model
OWASP Project
Open framework to help organizations




Formulate
Implement
Strategy for software security
Tailored to the specific risks facing the
organization
openSAMM

15. 

Recognizes 4 type of
business functions
Any organization
performing software
development would
have these (names
could be different)
openSAMM

16. 

3 business practices for each function
3 objectives (for levels) under each practice




0 (implied starting point, not included)
1 (initial understanding and ad hoc provision of practice)
2 (increase efficiency / effectiveness of practice)
3 (comprehensive mastery of the practice)
openSAMM - Security
Practices

17. openSAMM - Example

18. 
For every level, SAMM defines







Objective
Activities
Results
Success Metrics
Costs
Personnel
Related Levels
openSAMM

19. http://creativeconstruction.files.wordpress.com/2013/02/how_to_do_one_thing_at_a_time.jpg

20. http://www.jasonshen.com/wp-content/uploads/2012/04/buy-in-image-560x355.jpg

21. Step 2 - Perform Gap
Assessment

22. Step 3 - Create Roadmap /
Assurance Program

23. 

Perform practices / activities for level 1
Keep assessing it till you are satisfied and the
scorecard tells you to


Inform management with the updated roadmap
in a periodic manner
Move to next level after you are done with the
previous one
Step 4 - Execute with
periodic reviews

24. 

www.sripati.info
http://in.linkedin.com/in/sripati
Who Am I

25. 

http://www.opensamm.org/downloads/resources/OpenSAMM-1.0.ppt
http://www.opensamm.org/downloads/resources/20090602Software%20Assurance%20Maturity%20Model.ppt
Credits