[OWASP-LEADERS] Copyright fun again

Jeff Williams @ Aspect jeff.williams at aspectsecurity.com
Fri Feb 28 07:31:54 EST 2003

Assuming that it was released with an Apache style license (http://www.opensource.org/licenses/apachepl.php), then Dave is allowed to modify and release a closed version commercially.  His only obligations are related to credit to OWASP.  Specifically, he must...

 - retain the copyright notice and license in source and documentation
 - not use the word OWASP to endorse or promote product

I think it is reasonable to ask him to live up to this agreement.  This is a 4th option that Mark didn't list.  If he wants to change that agreement, then perhaps it's reasonable to ask him to pay something for a commercial license.


----- Original Message ----- 
  From: Mark Curphey 
  To: owasp-leaders at lists.sourceforge.net 
  Sent: Friday, February 28, 2003 2:04 AM
  Subject: [OWASP-LEADERS] Copyright fun again

  A while back as you know Dave Zimmer wrote WebSleuth and it was released
  under an Apache style license with copyright of OWASP. To cut a long
  story short whilst it was a well used product, it wasn't really the
  flagship we wanted OWASP to project (OSS based on MS) so Dave and I agreed
  he would develop it on his own site. 

  Since then Dave has decided to take it commercial and has released a
  closed source version for money. Over the last few weeks I keep getting
  mails from people (all from hushmail type addresses btw) saying that
  they feel this is wrong and did we OWASP assign copyright to him. The
  answer is no. I have emailed Dave about it and his response was "I never
  gave you copyright in the first place in writing so it's null and void
  anyway". I think we all know that doesn't stack up and the releases from
  him had the copyright notice in but.....

  This brings up an interesting case.

  Firstly Dave is a really good guy and not doing anything malicious here.
  I think he may not have understood what he can and can't do but he
  wasn't trying to pull a fast one. He's worked hard on it. Second I don't
  think OWASP really wants anything to do with WebSleuth but I maybe

  That said if it's OSS it is OSS and it is hypocritical to allow someone
  to take OWASP copyrighted code, close source it and make money from it.
  It's against everything the project stands for.

  I really don't want this to become bigger than it need be, Dave's a good
  guy but as a principle we need to do the right thing here. It's our duty.
  And I am just sick of answering emails about it so I see a few options.

  Assign copyright to Dave
  Demand it is made open and involve the FSF
  Do nothing

  As OWASP leaders this (or any other options) is your choice. Please let
  us all know before Monday. 
  Mark Curphey <mark at curphey.com>
