[Owasp-board] CLA's for Open Source Projects

Jim Manico jim.manico at owasp.org
Wed Sep 24 01:24:02 UTC 2014

Board and Johanna,

A member of our community approached us with an interest of open 
sourcing a substantial project. He is asking that contributors sign 
*his* CLA before contributing to the project since he is about to open 
source what is the lifeblood of his company.

I'm torn; I want the contribution but I have not faced CLA's before at 
OWASP. Apache and others do require these...

My though is, we may want to consider a OWASP CLA someday, but if a 
company requires a CLA for commercial purposes, we politely pass.

That aside, I do not have a solid opinion on this matter and I'm not 
sure how to respond....


More information about the Owasp-board mailing list