[Owasp-board] All set to go with OWASP

Jeff Williams jeff.williams at owasp.org
Wed Jun 20 02:01:07 UTC 2007

Here are my thoughts.

a)      The Work does not contain any libelous or obscene material or
injurious formulas, recipes, or instructions.

In some ways, the testing Guide could be taken to be a compendium of how to
break software. Is this "injurious" instructions under this definition?
Especially in Germany with its new ridiculous law banning most of what we
do. Effectively, if it isn't and if he is sued, we carry the can according
to this contract. 

The only works we can easily publish with this contract are the Top 10 2007
and the Testing Guide. The OWASP Guide 2.0 still has a very murky C
situation and would need assignment from those who contributed (about 40 or
so folks). Let's start out with the Top 10 2007 and the Testing Guide 2.0. 

I'm not very worried about the injurious instructions. We're no more liable
than we are now.  As far as the Guide, I'm not too worried about the
copyright claims either.  I'm pretty sure we've got a good case for
distributing the content - that was always the intent.  Anyway, at best, I
think they could sue for some part of the proceeds - and it would be damn
expensive to go for it.

The "publishing" right - this term is not defined nor made clear

a)      The Foundation has full rights to the Work and is free to assign the
rights to publish the Work to the Publisher under the terms of this

In particular, does he deem this to include:

*	Electronic rights - i.e. Can we continue to offer the PDF and Word
versions online? 
*	Distribution rights - i.e. If we buy discounted books to offer to
our members (say) for free or cheaper than Amazon, are we allowed to do
that? It talks about us buying copies at a discount, but not what we can
then do with them. It is usual practice to provide authors with 20-50 copies
of their work at a discount so they can hand out copies from their personal
stash to friends and family. This clause may be related to that. 
*	Translation rights - i.e. If someone translates the book for us, are
we free to offer that to a different publisher? 
*	Reprint rights - some publishers have a lower margin for reprints
after the main print run. 

Well, actually, the contract just requires us to be able to assign the
rights - not to actually assign them.  I would be more comfortable with a
grant of rights, rather than an assignment.  Perhaps that is what he meant.
I suggest that we ask him to clarify exactly what rights he needs, and which
he is requesting to be exclusive.  We retain any rights not specifically
granted or assigned.  My guess is that he needs only:

  - Right to make printed copies, distribute, and sell (exclusive)

The rights to future versions clause is essentially meaningless because it
requires us to re-sign the agreement.


On 6/18/07 5:07 AM, "Dinis Cruz" <dinis at ddplus.net> wrote:

Any comments?
Dinis Cruz
Chief OWASP Evangelist

On 6/18/07, Jacek Artymiak <jacekartymiak at gmail.com> wrote: 


Please review the contract I'm sending you with this message. Feel
free to pass it on to your colleagues for comments and review. 


On 6/1/07, Dinis Cruz <dinis at ddplus.net> wrote:
> Jacek
> We are all set to go. The only confirmation that the OWASP board wants to
> receive is that there is no copyright assigment to you and that OWASP in
> future is free to publish these materials with other publishers.
> So what are the next steps?
> What do you need from me/OWASP?
> Dinis Cruz

Jacek Artymiak



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20070619/94baf021/attachment-0002.html>

More information about the Owasp-board mailing list