owasp-samm
Safeguard articles tagged "owasp-samm" — guides, analysis, and best practices for software supply chain and application security.
5 articles
Building a secure coding culture: training, champions, and incentives that stick
Verizon's 2025 DBIR found the human element in ~60% of breaches. A practical playbook for training, champions programs, and incentives that actually change developer behavior.
A practical AppSec maturity model: five stages, self-assessment included
OWASP SAMM v2 scores 15 practices on a 0–3 scale; BSIMM15 measured 121 firms and found SCA adoption up 67%. Here's a five-stage model to self-assess against.
Application Security Maturity Models
OWASP SAMM, BSIMM, and NIST SSDF explained: what maturity levels really measure, which framework fits your org, and why federal attestation rules now force the question.
What is the OWASP Software Assurance Maturity Model (SAMM)
A concrete breakdown of OWASP SAMM's 5 functions, 15 practices, and 30 streams, how its maturity levels work, and how it compares to BSIMM.
Choosing an Application Security Framework
SAMM, BSIMM, NIST SSDF, and ASVS answer different questions. Here is how to pick the one that fits your team and turn it into policy your pipeline can actually enforce.