[Owasp-leaders] Commercial delivery of courses based on OWASP materials

Andrew van der Stock vanderaj at owasp.org
Tue May 25 06:26:36 EDT 2010

Hi there,

The power of open source is that you are free to use it and re-purpose it for any reason. If you can make money off it (especially when it's freely downloadable), good on you. 

Generally, you can't make money writing for OWASP projects (trust me, I've tried), so the only method to make money is to deliver services based upon them. There should be no restrictions on this. It's the One True Open Source Way(tm). 

I think there are many viable mechanisms to make a good living from getting OWASP's message out there. We shouldn't get in the way of this. 

- I think delivering a copy of the relevant standard, project or similar in its original format or with extensions is perfectly acceptable.
- I think buying a copy from OWASP and providing it to participants is a nice-to-have, but we shouldn't hard-wire it into our licenses as that's no longer open source.

I think the OWASP brand and logo needs to be jealously guarded. 

- I think folks purporting to be OWASP certified trainers etc ... that has to be frowned on until such time we have such a program. Maybe we should do this. I don't know.
- I think folks purporting to deliver OWASP syllabus should make it clear it's their own work as we have no such teaching standards or guidelines. Maybe we should do this. I don't know.

But putting additional restrictions on our materials (CC or GFDL or whatever) I think is taking it out of the hands of the original contributors and definitely violates our commitments to open source both in the letter and spirit of the licenses we use.

