[Owasp-leaders] Commercial use of OWASP products

Juan calderon juan.calderon at owasp.org
Sun Jan 8 01:02:20 UTC 2012

Notice that not all OWASP projects are GPL, some are BSD licenced (like
ESAPI) and other projects are under different open source licences.

BDS is commercial friendly, so you can take ESAPI and create your own
secure components implementation without any source code dislosure

I would encourage those that ask you to give a check on the licences of the
project of their interest to see what they can do with it and what
limitations they might face.

Juan Carlos

On Fri, Jan 6, 2012 at 8:49 AM, webgoat webgoat <webgoat at owasp.org> wrote:

> All
> What is the policy for the use of OWASP products in commercial solutions.
> Over the years I've been asked by many people if they could use WebGoat in
> training environments, most of these have been for in-house training at
> companies or use by educators in the class room.  Recently, I was asked if
> it was OK to use WebGoat in a commercial training solution and what the fee
> for the use of WebGoat is.  I view this situation as slightly different
> than other requests and want to ensure I provide the proper OWASP guidance
> on this.    Thoughts?
> --
> Bruce Mayhew
> OWASP WebGoat Project Lead
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20120107/4a203e25/attachment.html>

More information about the OWASP-Leaders mailing list