SAMMY is an application security management platform that helps organizations run application security assessments, track maturity, and plan measurable improvements using industry frameworks.
It is designed for application security leaders, security program managers, engineering leaders, and teams that need a structured way to evaluate current practices, identify gaps, and coordinate improvement work across one or more teams or scopes. SAMMY supports assessments against maturity, program, and control frameworks such as OWASP SAMM, OWASP DSOMM, BSIMM, NIST SSDF, ISO 27001, NIST CSF, and OWASP ASVS, plus other standards.
To reduce duplicate effort, SAMMY includes framework mapping capabilities that can carry results from one framework to another, including OpenCRE mappings and direct mappings, with options that can generate a new assessment based on a mapping.
• Multi-framework assessments for different assessment types, including self-assessments, top-down, bottom-up, external, and M&A assessments, to support different evaluation contexts.
• Framework mappings to reuse results across frameworks and reduce redundant evaluation work when multiple standards are in scope.
• Improvement roadmaps with assignments and deadlines, plus targets and objectives guidance, to turn assessment findings into planned work items for teams.
• Live dashboards and internal reporting to track maturity scores, progress toward targets, and comparisons across teams, including gap-analysis exports to Excel.
• External reporting that generates formatted PDF reports to support audits and certifications using assessment results and validation data.
SAMMY can also be used to create a repeatable assessment and governance cadence that keeps security improvement work visible, prioritized, and aligned with both engineering delivery and compliance expectations over time.