OWASP and Licensing
The OWASP Foundation uses several licenses to distribute software, documentation, and other materials. Contact us for agreements concerning acceptance of materials from individuals and corporations, such as existing documents or software projects. These licenses help us ensure that OWASP projects are supported longterm, and the materials produced can be easily used and are free and open to everyone.
Use of the OWASP Brand
The use of the OWASP Brand is covered by the OWASP brand usage rules.
Licensing of OWASP Website Content
We welcome the use of OWASP website content. If you would like to use anything from the wiki in another work, you must follow the terms of the Creative Commons Attribution ShareAlike 3.0 license (CC-BY-SA). We strongly encourage organizations to use OWASP materials for their internal purposes. If you want to distribute modified OWASP materials externally, you must make them available under the CC-BY-SA license - preferably by making your improvements directly at OWASP. Thanks!
Licensing of OWASP Projects
All software, documentation, and other materials produced by The OWASP Foundation or any OWASP Project is licensed according to an open source license as defined by the [Open Source Initiative (OSI) organization]. For licensing questions, please contact us at firstname.lastname@example.org.
OWASP Recommended Licenses
In an effort to help OWASP Project leaders choose the appropriate license for their project, the Global Project Committee recommends the following open source licenses. Understand that these licenses are only recommendations and Project Leaders are welcome to use any [Open Source Initiative (OSI) organization] approved license they wish.
|Allow commercial uses of your work?|
|Allow modifications of your work?|
|Yes, no restriction except attribution||Yes, as long as modification are also opensource||No|
(fewest restrictions, even allowing proprietary modifications and proprietary forks of your project, and more up-to-date than BSD license)
(requires that modifications to your code stay open source, thus prohibiting proprietary forks of your project)
|Sorry, such licenses are not opensource and are not eligible to become an OWASP Sponsored Project. If this is really what you want, consider using CC-BY-ND or CC-BY-NC-ND. See http://creativecommons.org/choose for more information and note that they label these two license as "not a Free Culture License"|
(prevents GPL's SaaS loophole)
|Library Project||LGPL 3.0
(similar to GPL but modified for use with libraries that may be called by other proprietary programs)
|Document Project (includes E-Learning, presos, books, etc)||CC-BY 3.0|
(like Apache but for documents)
(like GPL but for documents. Alternately you can use GFDL, but projects like Debian and Ubuntu don't accept it)
Contributor License Agreements
OWASP desires that all contributors of ideas, code, or documentation to the OWASP projects complete, sign, and submit (via snailmail or fax) a Contributor License Agreement. The purpose of this agreement is to clearly define the terms under which intellectual property has been contributed to OWASP and thereby allow us to defend the project should there be a legal dispute regarding the software at some future time. All contributions made through the website are covered by the clickthrough license on the account creation page.
Assignment of Copyright Agreement
In the case that the contributor desire to assign copyright to the OWASP Foundation, please use the Assignment of Copyright Agreement. Assignment of copyright is not strictly necessary but is an option available to those contributors who would prefer that the OWASP Foundation hold the copyright for contributed materials.