[OWASP-LEADERS] Copyright fun again
Jeff Williams @ Aspect
jeff.williams at aspectsecurity.com
Fri Feb 28 07:31:54 EST 2003
Assuming that it was released with an Apache style license (http://www.opensource.org/licenses/apachepl.php), then Dave is allowed to modify and release a closed version commercially. His only obligations are related to credit to OWASP. Specifically, he must...
- retain the copyright notice and license in source and documentation
- not use the word OWASP to endorse or promote product
I think it is reasonable to ask him to live up to this agreement. This is a 4th option that Mark didn't list. If he wants to change that agreement, then perhaps it's reasonable to ask him to pay something for a commercial license.
----- Original Message -----
From: Mark Curphey
To: owasp-leaders at lists.sourceforge.net
Sent: Friday, February 28, 2003 2:04 AM
Subject: [OWASP-LEADERS] Copyright fun again
A while back as you know Dave Zimmer wrote WebSleuth and it was released
under an Apache style license with copyright of OWASP. To cut a long
story short whilst it was a well used product, it wasn't really the flagship
we wanted OWASP to project (OSS based on MS) so Dave and I agreed
he would develop it on his own site.
Since then Dave has decided to take it commercial and has released a
closed source version for money. Over the last few weeks I keep getting
mails from people (all from hushmail type addresses btw) saying that
they feel this is wrong and did we OWASP assign copyright to him. The
answer is no. I have emailed Dave about it and his response was "I never
gave you copyright in the first place in writing so it's null and void
anyway". I think we all know that doesn't stack up and the releases from
him had the copyright notice in but.....
This brings up an interesting case.
Firstly Dave is a really good guy and not doing anything malicious here.
I think he may not have understood what he can and can't do but he
wasn't trying to pull a fast one. He's worked hard on it. Second I don't
think OWASP really wants anything to do with WebSleuth but I maybe
That said if it's OSS it is OSS and it is hypocritical to allow someone
to take OWASP copyrighted code, close source it and make money from it.
It's against everything the project stands for.
I really don't want this to become bigger than it need be, Dave's a good
guy but as a principle we need to do the right thing here. It's our duty.
And I am just sick of answering emails about it so I see a few options.
Assign copyright to Dave
Demand it is made open and involve the FSF
As OWASP leaders this (or any other options) is your choice. Please let
us all know before Monday.
Mark Curphey <mark at curphey.com>