[Owasp-board] FW: OWASP W3AF Scanner

Tom Brennan tomb at owasp.org
Tue Oct 7 22:24:09 UTC 2008

Thanks Jeff/Seba, relayed.  

Looks like the start of a FAQ "if I already have a open-source project and I want to move it to the OWASP family of tools" - how-to-document.

Sent from my Verizon Wireless BlackBerry

-----Original Message-----
From: "Jeff Williams" <jeff.williams at owasp.org>

Date: Tue, 7 Oct 2008 16:51:28 
To: 'Seba'<seba at owasp.org>; <tomb at owasp.org>
Cc: 'OWASP Foundation Board List'<owasp-board at lists.owasp.org>
Subject: RE: [Owasp-board] FW: OWASP W3AF Scanner


>    - Would the change from w3af in sourceforge to w3af in owasp.org
> require a license change?

From what I see in http://w3af.sourceforge.net/#license



The GPL license is fine.  Any approved open source license is okay.

>    - Would the change from w3af in sourceforge to w3af in owasp.org
> require a change in the copyright? If there is a change in copyright,
> and the copyright goes to OWASP... what would stop OWASP from making
> it closed source? (I know that OWASP is all about open source but...
> you never know!)

Copyright ? It's open source ! As is the OWASP license model

We will NEVER go to closed source 


Every work of authorship has a copyright associated with it.  OWASP does not
require authors to assign copyright to the OWASP foundation.  All we require
is the right to redistribute through our website and make derivative works.
Generally this is covered by the open source license anyway.


OWASP's commitment to free and open source is in our charter. There is no
way that we could possibly take a project closed source.  Even if we tried
(which is impossible) the source would be out there and someone could pick
it up and continue.


>    - The copyright from the new contributions I would make to the
> project, under OWASP (as employee/contract/small projects) will be of

The project's contributions will be made available under the same OWASP open
source model 


Contributors keep the copyright to their work, but OWASP has to have a right
to distribute and make derivative works. 

>    - If I work under a contract for OWASP, would I be capable of
> working also with other companies?

There is no problem working for other companies, as long as Andres respects
his end of the 'contract' : what contract are we talking about? 


Of course. All the contributors to OWASP have full time jobs, most in the
application security field.


I'd be happy to discuss this with Andres if it would help.





-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20081007/5c160ef7/attachment-0002.html>

More information about the Owasp-board mailing list