[Owasp-board] All set to go with OWASP

Jeff Williams jeff.williams at owasp.org
Tue Jun 19 10:42:06 UTC 2007

Can you forward the message with the agreement attached so I can look at it?
I'll sign it once we're sure it's right.  Thanks,




From: owasp-board-bounces at lists.owasp.org
[mailto:owasp-board-bounces at lists.owasp.org] On Behalf Of Andrew van der
Sent: Tuesday, June 19, 2007 4:10 AM
To: Dinis Cruz
Cc: OWASP Board
Subject: Re: [Owasp-board] All set to go with OWASP


(minus Janek for now). 


This agreement says that we aren't publishing any material that :

a)      The Work does not contain any libelous or obscene material or
injurious formulas, recipes, or instructions.

In some ways, the testing Guide could be taken to be a compendium of how to
break software. Is this "injurious" instructions under this definition?
Especially in Germany with its new ridiculous law banning most of what we
do. Effectively, if it isn't and if he is sued, we carry the can according
to this contract. 

The only works we can easily publish with this contract are the Top 10 2007
and the Testing Guide. The OWASP Guide 2.0 still has a very murky C
situation and would need assignment from those who contributed (about 40 or
so folks). Let's start out with the Top 10 2007 and the Testing Guide 2.0. 

The "publishing" right - this term is not defined nor made clear

a)      The Foundation has full rights to the Work and is free to assign the
rights to publish the Work to the Publisher under the terms of this

In particular, does he deem this to include:

*	Electronic rights - i.e. Can we continue to offer the PDF and Word
versions online? 
*	Distribution rights - i.e. If we buy discounted books to offer to
our members (say) for free or cheaper than Amazon, are we allowed to do
that? It talks about us buying copies at a discount, but not what we can
then do with them. It is usual practice to provide authors with 20-50 copies
of their work at a discount so they can hand out copies from their personal
stash to friends and family. This clause may be related to that. 
*	Translation rights - i.e. If someone translates the book for us, are
we free to offer that to a different publisher? 
*	Reprint rights - some publishers have a lower margin for reprints
after the main print run. 

I'd really like it to be tightened: be specific that it only amounts to the
rights to publish in hard or soft cover form the edition of the work we
submit (not any later versions), and we reserve all the other subsidiary
rights unless specifically assigned. Jeff - you're a lawyer - what do you

Lastly, who would sign the contract? I believe I am not an official office
holder as I've never signed my life away nor have I been formally appointed
beyond a press release. I think you're in the same spot, Dinis. Dave, Jeff -
should we clear this up now or can one of you two sign it? 


On 6/18/07 5:07 AM, "Dinis Cruz" <dinis at ddplus.net> wrote:

Any comments?
Dinis Cruz
Chief OWASP Evangelist

On 6/18/07, Jacek Artymiak <jacekartymiak at gmail.com> wrote: 


Please review the contract I'm sending you with this message. Feel
free to pass it on to your colleagues for comments and review. 


On 6/1/07, Dinis Cruz <dinis at ddplus.net> wrote:
> Jacek
> We are all set to go. The only confirmation that the OWASP board wants to
> receive is that there is no copyright assigment to you and that OWASP in
> future is free to publish these materials with other publishers.
> So what are the next steps?
> What do you need from me/OWASP?
> Dinis Cruz

Jacek Artymiak



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20070619/05b231fa/attachment-0002.html>

More information about the Owasp-board mailing list