Security Maturity Models (OpenSAMM and BSIMM)

Park Sehun
3 min read, Oct 17, 2024

When software security comes up in conversation, two frameworks are mentioned again and again: OpenSAMM (Software Assurance Maturity Model) and BSIMM (Building Security In Maturity Model).

What is OpenSAMM?

OpenSAMM is an open framework developed by the Open Web Application Security Project (OWASP) to help organizations formulate and implement a software security strategy tailored to the organization's specific risks.

Key Features of OpenSAMM:

  • Flexibility: OpenSAMM is designed to be adaptable to organizations of all sizes and industries. Whether you are a small startup or a large enterprise, you can tailor the framework to fit your specific needs.
  • Maturity Levels: The framework is divided into distinct maturity levels, which let you assess your current state and set realistic, measurable goals for improvement.
  • Activity Streams: OpenSAMM breaks software security down into four main business functions: Governance, Construction, Verification, and Deployment. Each function contains specific security practices and activities that you can focus on to improve your security posture.
OpenSAMM Security Practices
  • Governance: how an organization manages its overall software development activities. More specifically, this includes concerns that cross-cut the groups involved in development, as well as…
