

What we’re about
The Open Worldwide Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks.
Everyone is free to participate in OWASP and all of our materials are available under a free and open software license. You'll find everything about OWASP here on or linked from our wiki and current information on our OWASP Blog. OWASP does not endorse or recommend commercial products or services, allowing our community to remain vendor neutral with the collective wisdom of the best minds in software security worldwide. We ask that the community look out for inappropriate uses of the OWASP brand including use of our name, logos, project names and other trademark issues.
We usually meet the FIRST WEDNESDAY of EVERY MONTH (unless a speaker can only present another night), 6:30 to 9 pm. Everyone is welcome to come to any meeting. There is no signup or joining criteria; just come if it sounds interesting. Feel free to sign up to the OWASP Boston mailing list.
The Boston chapter was started in February 2005.
For any questions or comments, tweet us at @owaspboston or email us at boston@owasp.org.
Upcoming events
OWASP Boston Chapter Meeting - July 2025
415 Main St, Cambridge, MA
This month we will be welcoming Jerry Hoff, a lifetime member of OWASP, to our meetup. Doors open at 6:30pm and the presentation starts at 7pm. Pizza and soda will be provided.
In this session Jerry will be talking about The AI AppSec Nightmare.
The era of AI-powered attackers is no longer theoretical. Autonomous and semi-autonomous tools are now capable of identifying, exploiting, and adapting to vulnerabilities at a scale and speed that surpass human capacity. This talk explores the implications of a world where AI-driven threats are a permanent part of the landscape.
We begin with a candid look at the current state of application security, where manual processes and outdated risk models struggle to keep pace with modern development. At the same time, AI-generated code is entering environments at an unprecedented rate, often with little to no review, expanding the attack surface in ways few organizations are prepared for.
Compounding the problem is a growing wave of global regulations pushing organizations to demonstrate security readiness, often without providing practical paths to achieve it. Within this context, the traditional approach of prioritizing and fixing only critical and high-severity issues is breaking down. Attackers, especially those leveraging AI, no longer view low or medium vulnerabilities as difficult hurdles. Most vulnerabilities should now be treated as easily exploitable.
This session offers a sharp, forward-looking assessment of the challenges ahead and outlines key shifts that application security teams must make to stay relevant and effective in the age of AI.
Jerry Hoff has decades of experience in technology and security, specializing in application security at an enterprise scale. He holds a Master’s in Computer Science from Washington University in St. Louis and has evaluated the security of applications for some of the largest financial, defense, and commercial organizations in the world.
As a security entrepreneur, Jerry founded and led a static application security testing startup, which was acquired by WhiteHat Security in 2011. He has been an active member of the security community for nearly twenty years as a lifetime member and long-time volunteer with OWASP.
Jerry has held key leadership roles in global organizations, including serving as the Global Head of Security for Sony Electronics and as a Group Senior Security Architect for NTT. His expertise spans secure software development, application security strategy, and enterprise security architecture. He now leads AppSecTraining.com, a company dedicated to training organizations on secure software development. Jerry is also highly involved in cybersecurity startups, is an investor in multiple startups and funds, and is a strategic advisor to Pixee.ai.