Saturday, April 11, 2026

Agentic SAMM

While hunting Claude-planted RCE in Ouroboros, someone had a thought about spirals, Steps Into Infinity, and what OWASP SAMM is missing for agentic development. The result is ASAMM — a security framework extension for teams whose agents have already started biting back.

The core claim: SDLC is not a cycle. It is a spiral. Each iteration returns to the same phase — design, implementation, verification — but the system has changed, the tools have changed, and the threat model should have changed with them. Most do not.

https://github.com/scadastrangelove/asamm

What is inside: