OWASP Licenses

Revision as of 14:24, 9 December 2012 by Jmanico (Talk | contribs)

Jump to: navigation, search

OWASP and Licensing

The OWASP Foundation uses several licenses to distribute software, documentation, and other materials. Contact us for agreements concerning acceptance of materials from individuals and corporations, such as existing documents or software projects. These licenses help us ensure that OWASP projects are supported longterm, and the materials produced can be easily used and are free and open to everyone.

Licensing of OWASP Website Content

We welcome the use of OWASP website content. If you would like to use anything from the wiki in another work, you must follow the terms of the Creative Commons Attribution ShareAlike 3.0 license. We strongly encourage organizations to use OWASP materials for their internal purposes. If you want to distribute modified OWASP materials externally, you must make them available under the CC license - preferably by making your improvements directly at OWASP. Thanks!

Licensing of OWASP Software and Documentation

All software, documentation, and other materials produced by The OWASP Foundation or any of its projects is licensed according to one of the approved FLOSS licenses, such as the GNU "Lesser" GNU Public License (LGPL), the BSD license, or the Creative Commons Attribution ShareAlike 3.0 license. For licensing questions, please contact us at owasp@owasp.org.

Use of the OWASP Brand

The use of the OWASP Brand is covered by the OWASP brand usage rules.

Contributor License Agreements

OWASP desires that all contributors of ideas, code, or documentation to the OWASP projects complete, sign, and submit (via snailmail or fax) a Contributor License Agreement. The purpose of this agreement is to clearly define the terms under which intellectual property has been contributed to OWASP and thereby allow us to defend the project should there be a legal dispute regarding the software at some future time. All contributions made through the website are covered by the clickthrough license on the account creation page.

Assignment of Copyright Agreement

In the case that the contributor desire to assign copyright to the OWASP Foundation, please use the Assignment of Copyright Agreement. Assignment of copyright is not strictly necessary but is an option available to those contributors who would prefer that the OWASP Foundation hold the copyright for contributed materials.

OWASP Recommended Licenses

Why are you recommending these licenses?
Which other open source licenses are eligible for an OWASP project?

Allow commercial uses of your work?
Yes No
  Allow modifications of your work?
Yes, no restriction except attribution Yes, as long as modification are also opensource No
Apache 2.0
(fewest restrictions, even allowing proprietary modifications and proprietary forks of your project, and more up-to-date than BSD license)
GPL 3.0
(requires that modifications to your code stay open source, thus prohibiting proprietary forks of your project)
Sorry, such licenses are not opensource and are not eligible to become an OWASP Sponsored Project. If this is really what you want, consider using CC-BY-ND or CC-BY-NC-ND. See http://creativecommons.org/choose for more information and note that they label these two license as "not a Free Culture License"
Tool Project
AGPL 3.0
(prevents GPL's SaaS loophole)
Library Project LGPL 3.0
(similar to GPL but modified for use with libraries that may be called by other proprietary programs)
Document Project (includes E-Learning, presos, books, etc) CC-BY 3.0
(like Apache but for documents)
CC-BY-SA 3.0
(like GPL but for documents. Alternately you can use GFDL, but projects like Debian and Ubuntu don't accept it)