OWASP Licenses

Revision as of 11:55, 12 December 2012 by Justin Searle (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

OWASP and Licensing

The OWASP Foundation uses several licenses to distribute software, documentation, and other materials. Contact us for agreements concerning acceptance of materials from individuals and corporations, such as existing documents or software projects. These licenses help us ensure that OWASP projects are supported longterm, and the materials produced can be easily used and are free and open to everyone.

Use of the OWASP Brand

The use of the OWASP Brand is covered by the OWASP brand usage rules.

Licensing of OWASP Website Content

We welcome the use of OWASP website content. If you would like to use anything from the wiki in another work, you must follow the terms of the Creative Commons Attribution ShareAlike 3.0 license (CC-BY-SA). We strongly encourage organizations to use OWASP materials for their internal purposes. If you want to distribute modified OWASP materials externally, you must make them available under the CC-BY-SA license - preferably by making your improvements directly at OWASP. Thanks!

Licensing of OWASP Projects

All software, documentation, and other materials produced by The OWASP Foundation or any OWASP Project is licensed according to an open source license as defined by the [Open Source Initiative (OSI) organization]. For licensing questions, please contact us at projects@owasp.org.

In an effort to help OWASP Project leaders choose the appropriate license for their project, the Global Project Committee recommends the following open source licenses. Understand that these licenses are only recommendations and Project Leaders are welcome to use any [Open Source Initiative (OSI) organization] approved license they wish.

Why are you recommending these licenses?
Which other open source licenses are eligible for an OWASP project?

Allow commercial uses of your work?
Yes No
  Allow modifications of your work?
Yes, no restriction except attribution Yes, as long as modification are also opensource No
Apache 2.0
(fewest restrictions, even allowing proprietary modifications and proprietary forks of your project, and more up-to-date than BSD license)
GPL 3.0
(requires that modifications to your code stay open source, thus prohibiting proprietary forks of your project)
Sorry, such licenses are not opensource and are not eligible to become an OWASP Sponsored Project. If this is really what you want, consider using CC-BY-ND or CC-BY-NC-ND. See http://creativecommons.org/choose for more information and note that they label these two license as "not a Free Culture License"
Tool Project
AGPL 3.0
(prevents GPL's SaaS loophole)
Library Project LGPL 3.0
(similar to GPL but modified for use with libraries that may be called by other proprietary programs)
Document Project (includes E-Learning, presos, books, etc) CC-BY 3.0
(like Apache but for documents)
CC-BY-SA 3.0
(like GPL but for documents. Alternately you can use GFDL, but projects like Debian and Ubuntu don't accept it)

Contributor License Agreements

OWASP desires that all contributors of ideas, code, or documentation to the OWASP projects complete, sign, and submit (via snailmail or fax) a Contributor License Agreement. The purpose of this agreement is to clearly define the terms under which intellectual property has been contributed to OWASP and thereby allow us to defend the project should there be a legal dispute regarding the software at some future time. All contributions made through the website are covered by the clickthrough license on the account creation page.

Assignment of Copyright Agreement

In the case that the contributor desire to assign copyright to the OWASP Foundation, please use the Assignment of Copyright Agreement. Assignment of copyright is not strictly necessary but is an option available to those contributors who would prefer that the OWASP Foundation hold the copyright for contributed materials.