DefectDojo Recognized as a Trusted Security Expert for Codific’s SAMMY Project

  • February 06, 2025
  • Security Automation

Security isn’t a one-time checkbox; it’s a continuous process that evolves alongside your organization. That’s why so many security-conscious teams turn to OWASP SAMM (Software Assurance Maturity Model) to assess and improve their secure development practices.

Now, DefectDojo is proud to be recognized as a trusted security expert for Codific’s SAMMY project, a platform designed by core OWASP SAMM contributors to help organizations assess, implement and refine their security programs. With SAMMY, teams can quickly identify security maturity gaps and take immediate, measurable action to strengthen their software development lifecycle (SDLC). 

Why SAMMY Matters

Codific specializes in security-first solutions for industries where privacy and compliance are critical, such as HR-Tech, Ed-Tech and Med-Tech. Their SAMMY platform simplifies OWASP SAMM adoption by providing structured guidance at every stage of software development.

One of its standout features, Activity View, highlights where security processes are incomplete or missing. This is where DefectDojo’s expertise adds immense value. 

How DefectDojo Enhances OWASP SAMM Implementation 

Effective application security goes beyond identifying vulnerabilities—it requires tracking, prioritization and continuous improvement. Many security tools provide raw data, but without a structured, metric-driven approach, teams struggle to measure progress and make meaningful changes.

As a recognized security expert, DefectDojo solves this challenge by offering a centralized, automated vulnerability management platform built specifically for security professionals. As the only open-source, unified defect tracking tool, it integrates seamlessly into Codific’s SAMMY workflow, helping teams:

  • Automate vulnerability management and security testing

  • Track security maturity across development projects

  • Gain insights to prioritize remediation efforts effectively

One of the reasons DefectDojo is a great fit for SAMMY is its focus on metrics and automation, making security maturity tracking more actionable. As Codific puts it, "We love DefectDojo because it streamlines defect management into a single, efficient tool. Its strong focus on metrics and a data-driven approach to application security make it a perfect match for organizations adopting SAMM. By treating metrics as first-class citizens, DefectDojo empowers teams to track progress, prioritize effectively, and drive continuous improvement in their security programs."

By integrating DefectDojo with SAMMY, security teams can establish a scalable, structured approach to application security, ensuring that their security programs evolve alongside their development practices.

Security isn’t one-size-fits-all, which is why OWASP SAMM and DefectDojo work so well together. Whether your organization is just beginning its security maturity journey or looking to refine an existing program, DefectDojo provides the automation and expertise needed to make real progress.

Explore how DefectDojo fits into the OWASP SAMM framework: Defect Tracking in SAMM Framework