[OWASP-LEADERS] Copyright fun again

Gabriel Lawrence gabe at landq.org
Fri Feb 28 02:46:40 EST 2003

Not really having any kind of real passion either way... I have this one
philosophical thing to say. It seems to me that there needs to be a way
to balance the economic realities with the desire to be an open source
developer. Sometimes this involves blurring the lines between free and
commercial... One thing that I think is clear is that just because a
project is released openly under one license, that doesn't mean that
that is the only license that the assigned copyright owner can choose to
release something under.

The place where people get angry, but probably don't really have any
legal legs to stand on is if the assigned copyright owner isn't the real
contributor. But you know the risks when you give copyright to someone
else... Anyway, this isn't the case in this example. What is is that
copyright was assigned to one group. After this changes to the existing
base were made and those changes are now being used in a commercial

So... What I guess I'm saying is that if those changes were made and
OWASP had the copyright, it would be possible for us to grant Dave a
license other than the one under which all the code was distributed. A
commercial use license... 

I'd be for doing this if Dave were to pay OWASP some amount of money,
especially since this isn't a project we are moving forward with. This
gives us some resources to use to further what we are doing and frees
him from worrying about us tapping him on the shoulder when his biz is
wildly successful. Not to sound like a pointy haired manager, but it's a
win win. We get more resources for OWASP and he gets to move forward
with his company.

So... the idea here is it's free to use, go out use and modify things
using the traditional GPL. If for some reason you can't, the
contribution you give back could be something other than code... And
special agreements can be made to accommodate this. This model too can
help us all continue to work on and support open projects just as things
like the GPL do. I realize that I don't share the same zeal that RMS
does, but I also don't have research grants or an academic appointment
to fall back on. I have to make my money off software. I want to do that
and contribute and participate in open source projects. I see a way for
there to be common ground, and a way that this could benefit all

This is also why I was careful about who and how I released CodeSeekers
source. I felt that if I couldn't make money off it, it should be
released under a license that wouldn't allow others not to... But, by
also assigning ownership of the copyright to OWASP I know that I also
gave control of how this copyrighted code is used to OWASP. It's fine
with me if OWASP finds a way to make some money off it as I believe in
OWASP as an organization...

Hope I'm making sense...

On Thu, 2003-02-27 at 23:04, Mark Curphey wrote:
> A while back as you know Dave Zimmer wrote WebSleuth and it was released
> under an Apache style license with copyright of OWASP. To cut a long
> story short whilst it was a well used product, it wasn't really the flag
> ship we wanted OWASP to project (OSS based on MS) so Dave and I agreed
> he would develop it on his own site. 
> Since then Dave has decided to take it commercial and has released a
> closed source version for money. Over the last few weeks I keep getting
> mails from people (all from hushmail type addresses btw) saying that
> they feel this is wrong and did we OWASP assign copyright to him. The
> answer is no. I have emailed Dave about it and his response was "I never
> gave you copyright in the first place in writing so it's null and void
> anyway". I think we all know that doesn't stack up and the releases from
> him had the copyright notice in but.....
> This brings up an interesting case.
> Firstly Dave is a really good guy and not doing anything malicious here.
> I think he may not have understood what he can and can't do but he
> wasn't trying to pull a fast one. He's worked hard on it. Second I don't
> think OWASP really wants anything to do with WebSleuth but I may be
> wrong.
> That said if it's OSS it is OSS and it is hypocritical to allow someone
> to take OWASP copyrighted code, close source it and make money from it.
> It's against everything the project stands for.
> I really don't want this to become bigger than it need be, Dave's a good
> guy but as a principle we need to do the right thing here. It's our duty.
> And I am just sick of answering emails about it so I see a few options.
> Assign copyright to Dave
> Demand it is made open and involve the FSF
> Do nothing
> As OWASP leaders this (or any other options) is your choice. Please let
> us all know before Monday. 
> -- 
> Mark Curphey <mark at curphey.com>