[Owasp-board] Fw: FW: OWASP W3AF Scanner

Tom Brennan tomb at owasp.org
Wed Oct 8 01:52:15 UTC 2008


Andres, sorry going crazy with other stuff like everyone else with
kids, job etc.. ;)

What are your exact questions? Please restate them with a reply to all
so we OWASP Board (Jeff/Dave/Dinis/Seb/Me) can help you get them
answered - i am getting on a plane in 45 mins., and out of pocket for
next few days.

We would all like to see W3AF become a OWASP project, what are the barriers?





On Tue, Oct 7, 2008 at 9:40 PM, Andres Riancho <andres.riancho at gmail.com> wrote:
> Tom,
>
> On Tue, Oct 7, 2008 at 6:54 PM, Tom Brennan <tomb at owasp.org> wrote:
>> Ok here is details from Jeff and he's not only a coder... But our lawyer as
>> well :)
>
> Jeff's answers were really good and inspired a lot of trust in me =)
>
> Could you please take a look at my previous email, so we can keep
> working towards the main goal, which is now clearer and with less
> "licensing questions" in my head? Thanks!
>
> Cheers,
>
>> Sent from my Verizon Wireless BlackBerry
>>
>> ________________________________
>> From: "Jeff Williams" <jeff.williams at owasp.org>
>> Date: Tue, 7 Oct 2008 16:51:28 -0400
>> To: 'Seba'<seba at owasp.org>; <tomb at owasp.org>
>> CC: 'OWASP Foundation Board List'<owasp-board at lists.owasp.org>
>> Subject: RE: [Owasp-board] FW: OWASP W3AF Scanner
>>
>>
>>
>>>    - Would the change from w3af in sourceforge to w3af in owasp.org
>>> require a license change?
>>
>> From what I see in http://w3af.sourceforge.net/#license
>>
>> NO
>>
>>
>>
>> The GPL license is fine.  Any approved open source license is okay.
>>
>>>    - Would the change from w3af in sourceforge to w3af in owasp.org
>>> require a change in the copyright? If there is a change in copyright,
>>> and the copyright goes to OWASP... what would stop OWASP from making
>>> it closed source? (I know that OWASP is all about open source but...
>>> you never know!)
>>
>> Copyright ? It's open source ! As is the OWASP license
>> model https://www.owasp.org/index.php/OWASP_Licenses
>>
>> We will NEVER go to closed source
>>
>>
>>
>> Every work of authorship has a copyright associated with it.  OWASP does not
>> require authors to assign copyright to the OWASP foundation.  All we require
>> is the right to redistribute through our website and make derivative works.
>> Generally this is covered by the open source license anyway.
>>
>>
>>
>> OWASP's commitment to free and open source is in our charter. There is no
>> way that we could possibly take a project closed source.  Even if we tried
>> (which is impossible) the source would be out there and someone could pick
>> it up and continue.
>>
>>
>>
>>>    - The copyright from the new contributions I would make to the
>>> project, under OWASP (as employee/contract/small projects) will be of
>>> OWASP?
>>
>> The project's contributions will be made available under the same OWASP open
>> source model
>>
>>
>>
>> Contributors keep the copyright to their work, but OWASP has to have a right
>> to distribute and make derivative works.
>>
>>>    - If I work under a contract for OWASP, would I be capable of
>>> working also with other companies?
>>
>> There is no problem working for other companies, as long as Andres respects
>> his end of the 'contract' : what contract are we talking about?
>>
>>
>>
>> Of course. All the contributors to OWASP have full time jobs, most in the
>> application security field.
>>
>>
>>
>> I'd be happy to discuss this with Andres if it would help.
>>
>>
>>
>> --Jeff
>>
>>
>>
>>
>
>
>
> --
> Andres Riancho
> http://w3af.sourceforge.net/
> Web Application Attack and Audit Framework
>



-- 
Tom Brennan
Board Member
OWASP Foundation
Tel: 973-795-1046 x112
Url: www.owasp.org



More information about the Owasp-board mailing list