[OWASP-LEADERS] Copyright fun again

Mark Curphey mark at curphey.com
Fri Feb 28 02:04:24 EST 2003

A while back as you know Dave Zimmer wrote WebSleuth and it was released
under an Apache style license with copyright of OWASP. To cut a long
story short whilst it was a well used product, it wasn't really the
flagship we wanted OWASP to project (OSS based on MS) so Dave and I agreed
he would develop it on his own site. 

Since then Dave has decided to take it commercial and has released a
closed source version for money. Over the last few weeks I keep getting
mails from people (all from hushmail type addresses btw) saying that
they feel this is wrong and did we OWASP assign copyright to him. The
answer is no. I have emailed Dave about it and his response was "I never
gave you copyright in the first place in writing so it's null and void
anyway". I think we all know that doesn't stack up and the releases from
him had the copyright notice in but.....

This brings up an interesting case.

Firstly Dave is a really good guy and not doing anything malicious here.
I think he may not have understood what he can and can't do but he
wasn't trying to pull a fast one. He's worked hard on it. Second I don't
think OWASP really wants anything to do with WebSleuth but I maybe

That said if it's OSS it is OSS and it is hypocritical to allow someone
to take OWASP copyrighted code, close source it and make money from it.
It's against everything the project stands for.

I really don't want this to become bigger than it need be, Dave's a good
guy but as a principle we need to do the right thing here. It's our duty.
And I am just sick of answering emails about it so I see a few options.

Assign copyright to Dave
Demand it is made open and involve the FSF
Do nothing

As OWASP leaders this (or any other options) is your choice. Please let
us all know before Monday. 
