better explain scoring maturity levels

[SebaDele]

Description:

From Rainer Haffman in Slack - https://owasp.slack.com/archives/C0VF1EJGH/p1652302629341629 At the beginning, when I started with SAMM, I couldn't understand how the points are given in SAMM. I then found out with the help of the toolbox. Personally, I think it would be a good idea for newcomers to document this on the website. I think a good place for this would be on the "Assessment" page. Additionally, it could be addressed in the FAQ

Tasks:

• [ ] Prepare guidance web page, including worked example
• [ ] Prepare blog post, announcing release of guidance page
• [ ] Pat - Review and release new web page; add page link(s) to menu structure and/or Resources page
• [ ] Pat - Publish blog post

Acceptance criteria: a reader should be able to understand and apply the samm scoring mechanism based on a description in the model without using the toolbox.

Are there any known dependencies between this issue and any other issues? also update / synch with the assessment guidance.

Are there any outstanding questions? no

[SebaDele]

to be included on how to score samm guidance, candidate also for blog post Maxim provided input (link?)

[johndileo]

A discussion, focusing on the alternative approach used by many practitioners, can be found in this Google doc: https://docs.google.com/document/d/1AjYqxyw8aCAeXYXnLy5p-mcDn6vf6RZE5jbk375OmI4/edit?tab=t.0

[johndileo]

I'm planning to include a worked example, like I present in my one-day training.