About this tool

The SAMMwise web application provides a convenient alternative to the OWASP SAMM Toolkit (Excel workbook) for capturing your SAMM assessment responses. Leveraging several open-source JavaScript frameworks, the SAMMwise application provides an intuitive, page-oriented workflow for completing a SAMM assessment, coupled with dynamic graphics to visualize assessment results.

Current Capabilities

  • Evaluating an organization’s existing software security practices;
  • Building toward a balanced software security assurance program in well-defined iterations;
  • Demonstrating concrete improvements to a security assurance program; and
  • Defining and measuring security-related activities throughout an organization.

Future Enhancements

  • Multi-phase roadmaps - Baseline, plus up to 5 implementation phases
  • Comparison with multiple previous assessments
  • Comparison with SAMM Benchmark data
  • Contribution of de-identified assessment results to SAMM Benchmark Project

Version History

Version 1.0 - The initial release of SAMMwise was developed in July - October 2021 by the Application Security Services Team at Datacom New Zealand. The tool was released as an open-source project and donated to the OWASP SAMM project.