Jeremy Long is a Principal Security Engineer with 13+ years of experience building scalable, developer-friendly security programs and tools for large enterprises. He blends deep software development skills with applied security leadership, having led secure SDLC initiatives and custom static analysis efforts at Wells Fargo and now at ServiceNow. Jeremy is the founder and long-time project lead of OWASP dependency-check, a widely used open-source software composition analysis tool, and has contributed to other OWASP projects focused on code quality and encoding defenses. He excels at embedding security into CI/CD pipelines, automating measurable controls, and mentoring global engineering teams to scale secure development practices. His background spans hands-on secure code review, custom rule development (including work that led to a patent), and vendor evaluations for enterprise security tooling. Based in Herndon, VA, he combines pragmatic engineering with a developer-advocate mindset to make security seamless for application teams.
13 years of coding experience
23 years of employment as a software developer
BS Microbiology, BS Microbiology at University of Iowa
MS Computer Science Information Security, MS Computer Science Information Security at James Madison University
AA Computer Programming, AA Computer Programming at Pierce College
OWASP dependency-check is a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies.
Role in this project:
Back-end Developer
Contributions:7 releases, 845 reviews, 7053 commits in 10 years 6 months
Contributions summary:Jeremy's commits primarily involved adding functionality to the Maven POM analysis in order to identify and include the dependency packages listed in the pom.xml file. Further commits focused on the development of a new analyzer to add a scan for the package-url to each dependency when added. This was done in order to prepare for the addition of the CISA known exploited vulnerability and adding the ability to scan plugins.
The OWASP Java Encoder is a Java 1.5+ simple-to-use drop-in high-performance encoder class with no dependencies and little baggage. This project will help Java web developers defend against Cross Site Scripting!
Role in this project:
Back-end Developer
Contributions:3 releases, 5 reviews, 71 commits in 7 years 2 months
Contributions summary:Jeremy primarily focused on improving code quality and adhering to coding standards within the OWASP Java Encoder project. Their contributions involved correcting checkstyle formatting issues, removing empty if statements, and updating JavaDoc documentation. These changes indicate a focus on code maintainability, readability, and adherence to project guidelines, likely improving overall code quality.
dependenciessimple-to-usexssscriptingjava-web
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Jeremy Long - Principal Security Engineer at ServiceNow