[GPC] Stach & Liu - "Possible" CC License Violation

Christian Heinrich christian.heinrich at owasp.org
Wed Aug 3 02:47:09 EDT 2011


This is not a patent issue.

http://www.slideshare.net/cmlh/download-indexed-cache/2 clearly
references http://creativecommons.org/licenses/by-nc-sa/2.5/au/deed.en
i.e. "You must attribute the work in the manner specified by the
author or licensor (but not in any way that suggests that they endorse
you or your use of the work)."

The only way an entity (I have deliberately omitted Stach & Liu until
all the evidence is reviewed) could reuse this without credit would
1. If it is licensed as "Public Domain" which it is not; or
2. The "Birthday Paradox" with consideration to their prior
relationship to OWASP.

I have an issue with an entity stealing "innovative" intellectual
property for their own gain without attribution of the source.

Furthermore, there is a considerable difference between the terms
"freedom" and "open" in open source communities.

On Tue, Aug 2, 2011 at 12:08 PM, Jeff Williams
<jeff.williams at aspectsecurity.com> wrote:
> All,
> I do not know or care about the particulars here, but all CC licenses
> are copyright grants, not patents. There is no requirement to provide
> attribution even if the presentation covers the exact same techniques
> with different slides.  If S&L did know about this work and their work
> is substantially similar, then it would have been cool of them to
> provide a reference -- but NOT required.
> OWASP is about making application security ideas free and open to
> everyone, not about locking them up.  I sincerely hope that there is no
> further discussion about this.
> --Jeff
> -----Original Message-----
> From: global-projects-committee-bounces at lists.owasp.org
> [mailto:global-projects-committee-bounces at lists.owasp.org] On Behalf Of
> Christian Heinrich
> Sent: Monday, August 01, 2011 6:25 PM
> To: Global Projects Committee
> Subject: [GPC] Stach & Liu - "Possible" CC License Violation
> To follow on from
> https://lists.owasp.org/pipermail/owasp-leaders/2011-August/005906.html
> I have reviewed
> http://www.stachliu.com/2010/05/owasp-boston-2010-conference-slides/
> and I believe they have reused (possibly due to the birthday paradox) a
> number of the techniques that I presented on without attribution as
> specified by the Creative Commons license, such as the reference to RSS
> on slide #11 and DRM on slide #33.  Furthermore, there is no citation of
> my OWASP Project yet their presentation was at an OWASP Chapter Meeting.
> That stated, I want to review their other "Conference Slides"
> available from http://www.stachliu.com/category/publications/ prior to
> appointing an independent mediator to approach Stach & Liu
> --
> Regards,
> Christian Heinrich
> http://www.owasp.org/index.php/user:cmlh
> _______________________________________________
> Global-projects-committee mailing list
> Global-projects-committee at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/global-projects-committee

Christian Heinrich

More information about the Global-projects-committee mailing list