This document provides an overview of the open Software Assurance Maturity Model (openSAMM). It explains that openSAMM is an open framework to help organizations formulate and implement a strategy for software security tailored to their specific risks. It describes openSAMM's four business functions and three security practices for each function. For each level of maturity, openSAMM defines objectives, activities, results, success metrics, costs, personnel needs, and related levels. The document outlines a four-step process for using openSAMM that includes performing a gap assessment, creating a roadmap, executing the roadmap with periodic reviews, and moving to the next level of maturity.