SAMM - Core Model Update 3 - Implementation

SAMM core model update sessions.


This Working Session will look at the core model to see what updates related to automation, cloud, etc. could or should align with how things are done today.


  • Review implementation guidance related to automation
  • Review guidance based on cloud solutions


  • Core Model

Synopsis and Takeaways

  • We are exploring adding a fifth business function to the SAMM Model.
  • This function will be somewhere between the current “Construction” and “Verification” business functions
  • This new function may encompass code building and code mangement
  • The current “Construction” Business Function is mostly about design, so it needs recategorising
  • Defect management is not clearly defined in the current SAMM Model
  • We will probably need to make fundamental additions and changes to the current SAMM Model
  • Ideas for the new business function naming and criteria have been put forward
  • Ideas for new security practices have been noted
  • Likely updates to the “Operations” business function are to be made to account for more infrastructure-related activities


The target audience for this Working Session is:

  • Security champions
  • Security architects
  • DevOps Roles
  • CISOs

Working materials

Here are the current ‘work in progress’ materials for this session

(please add as much information as possible before the sessions)


Core Model Review current version

Back to list of all Working Sessions and Tracks

Edit this page here