- AA: Architecture Assessment (SAMM Practice)
- ADFS: Active Directory Federation Services
- ASVS: OWASP Application Security Verification Standard
- AV: Anti-Virus
- BOM: Bill of Materials
- CBT: Computer-Based Training
- CPE: Common Platform Enumeration
- CVE: Common Vulnerabilities and Exposures
- CVSS: Common Vulnerability Scoring System
- CWE: Common Weakness Enumeration
- DAST: Dynamic Application Security Testing
- DDoS: Distributed Denial of Service
- DevOps: Integrated Development and Operations
- DevSecOps: Integrated Development, Security, and Operations
- DM: Defect Management (SAMM Practice)
- DOD: Definition of Done
- DOR: Definition of Ready
- DoS: Denial of Service
- DSL: Domain-Specific Language
- EM: Environment Management (SAMM Practice)
- EG: Education and Guidance (SAMM Practice)
- ESB: Enterprise Service Bus
- GDPR: General Data Protection Regulation (European Union law)
- HSM: Hardware Security Module
- IAM: Identity and Access Management
- IAST: Interactive Application Security Testing
- IDE: Integrated Development Environment
- IM: Incident Management (SAMM Practice)
- IP: Internet Protocol
- ISO: International Standards Organization
- KPI: Key Performance Indicator
- LDAP: Lightweight Directory Access Protocol
- LMS: Learning Management System
- NIST: National Institute of Standards and Technology (US Agency)
- NVD: National Vulnerability Database (US)
- OM: Operational Management (SAMM Practice)
- OS: Operating System
- OWASP: Open Web Application Security Project
- PC: Policy and Compliance (SAMM Practice)
- PCI: Payment Card Industry
- PCI DSS: Payment Card Industry Data Security Standard
- QA: Quality Assurance
- RASP: Runtime Application Self-Protection
- RCA: Root Cause Analysis
- RT: Requirements-driven Testing (SAMM Practice)
- REST: REpresentational State Transfer
- SA: Security Architecture (SAMM Practice)
- SAMM: Software Assurance Maturity Model
- SAST: Static Application Security Testing
- SB: Secure Build (SAMM Practice)
- SD: Secure Deployment (SAMM Practice)
- SDK: Software Development Kit
- SDLC: Software Development Life Cycle
- SIEM: Security Information and Event Management
- SIP: Session Initiation Protocol
- SLA: Service Level Agreement
- SM: Strategy and Metrics (SAMM Practice)
- SMART: Specific, Measurable, Actionable, Relevant, and Time-bound
- SME: Subject Matter Expert
- SOAP: Simple Object Access Protocol
- SP: Special Publication (NIST Document)
- SR: Security Requirements (SAMM Practice)
- SSCE: Secure Software Center of Excellence
- SSO: Single Sign-On
- ST: Security Testing (SAMM Practice)
- STRIDE: Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, and Elevation of privilege
- SWIFT: Society for Worldwide Interbank Financial Telecommunication
- TA: Threat Assessment (SAMM Practice)
- TLS: Transport Layer Security
- TPM: Trusted Platform Module
- UAT: User Acceptance Test
- VA: Vulnerability Analysis
- VCS: Version Control System
- WAF: Web Application Firewall
- ZAP: OWASP Zed Attack Proxy