[Owasp-leaders] Commercial use of OWASP products

Eoin eoin.keary at owasp.org
Sun Jan 8 18:21:11 UTC 2012


Webgoat has been used for training many times for many years, I've seen it used and referred to in training material since 2008. The same as the owasp code review guide and testing guides have also been used in training material. 

On 6 Jan 2012, at 14:55, Jerry Hoff <jerry at owasp.org> wrote:

> Hi Bruce,
> 
> If WebGoat is GPL'ed, then they really don't even need permission from OWASP, right?  You can sell GPL'ed software, as long as all the licensing requirements are met.
> 
> My understanding is if they modify the source code and try to sell that modified version, then they are obligated to submit the modified source code back to the community or otherwise make that source code available.
> 
> Jerry Hoff
> 
> 
> On 1/6/12 6:49 AM, webgoat webgoat wrote:
>> 
>> 
>> All
>> 
>> What is the policy for the use of OWASP products in commercial solutions.  Over the years I've been asked by many people if they could use WebGoat in training environments, most of these have been for in-house training at companies or use by educators in the class room.  Recently, I was asked if it was OK to use WebGoat in a commercial training solution and what the fee for the use of WebGoat is.  I view this situation as slightly different than other requests and want to ensure I provide the proper OWASP guidance on this.    Thoughts?
>> 
>> -- 
>> Bruce Mayhew
>> OWASP WebGoat Project Lead
>> 
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> 
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20120108/991c7b2c/attachment.html>


More information about the OWASP-Leaders mailing list