Which of the following is an open framework used to guide an organization in making software security
decisions that are in alignment with the organization’s risk profile? (Select the best answer.)
A. SAMM
B. ZAP
C. WTE
D. OWTF
Explanation:
The Software Assurance Maturity Model (SAMM) is an open framework used to guide an organization in
making software security decisions that are in alignment with the organization’s risk profile. The SAMM is
published by the Open Web Application Security Project (OWASP), which is a multinational, not-for-profit
organization that provides frameworks, documentation, tools, and community forums with a focus on
application security. Like all OWASP documentation, the SAMM is licensed under the Creative Commons
Attribution-ShareAlike 3.0 License, which is a common Free/Libre and Open Source Software (FLOSS) license
that allows redistribution and modification of the original content with the appropriate attribution and the
requirement to distribute the derivative work under the same license as the original.
The Offensive Web Testing Framework (OWTF), Zed Attack Proxy (ZAP), and Web Testing Environment
(WTE) are not open frameworks used to guide an organization in making software security decisions that are in
alignment with the organization’s risk profile. OWTF is a penetration testing tool designed to automate some of
the lower level and tedious parts of the penetration testing process. Its aim is to provide the penetration tester
with more time to analyze and investigate complex vulnerabilities. ZAP is an integrated penetration testing tool
for web applications. It provides automated scanning tools and a suite of tools that can be used to manually
probe for vulnerabilities. WTE is a consolidated testing environment that can be distributed as a virtual
machine, a bootable image, or as individual Linux packages. WTE aims to provide a sandbox in which testers,
developers, and trainers can interact with security tools provided by OWASP and other FLOSS developers.
WTE is based on the OWASP Live CD Project.
References:
OpenSAMM: Software Assurance Maturity Model
OWASP: Category: Software Assurance Maturity Model