Mapping OWASP DevSecOps Maturity Model to SAMMv2

When:Wed PM-3
OrganizersTimo Pagel , Sebastien Deleersnyder Sebastien Deleersnyder , Bart De Win Bart De Win
ParticipantsYan Kravchenko Yan Kravchenko , Brett Crawley Brett Crawley , John Ellingsworth John Ellingsworth , Mario Platt Mario Platt , Sebastian Arriada Sebastian Arriada

OWASP DevSecOps Maturity Model activities reference, based on Timo Pagels opinion, to OWASP SAMM activities.

Check out


  • Is the current mapping valid?
  • Some DSOMM activities are not easy to map to SAMM, where should it belong to? (Is it accepted/expected/questioned to have mappings for one DSOMM activity to multiple SAMM activities?)
  • Are the differences of having activities of maturity level 3 in SAMM and in OWASP DSOMM on maturity 1 accepted/expected/questioned?


  • OWASP SAMM team verfies by mapping that no important actvities are missing
  • OWASP SAMM might add references to OWASP DevSecOps Maturity Model
  • OWASP DevSecOps Maturity Model will have a more precise mapping

Register as participant

To register as participant add Mapping OWASP DevSecOps Maturity Model to SAMMv2 to either:

  1. the sessions metadata field from your participant's page (find your participant page and look for the edit link).
  2. or the participants metadata field from this git session page

Back to list of all Working Sessions