[Owasp-leaders] Copyright statement recommendations

johanna curiel curiel johanna.curiel at owasp.org
Fri Jun 24 14:08:11 UTC 2016


Having a contributor agreement is quite different that defining who has the
IP rights over ZAP.

Right now, the IP rights are from a group defined as 'Copyright 2016 The
ZAP Development Team', the first most important thing to do is define who
is that team and who can be considered part of that team

Creating an agreement between the ZAP developers team and a new/old
contributor is between ZAP/Project dev team and that contributor.

The ICLA you provided is quite different because is between the Apache
foundation and contributors to apache projects. As stated right now , the
owner of the ZAP code is the 'ZAP development team'

The faster Simon can define clearly who can be considered the team, the

On Fri, Jun 24, 2016 at 9:47 AM, Andrew van der Stock <vanderaj at owasp.org>

> The "Team" can be recognised if you have contributor agreements that agree
> to hand over their (C) claim to the team, so that people don't feel they
> add one line of code and feel they have the right to re-license the code.
> e.g.
> https://www.apache.org/licenses/icla.txt
> If you want us to follow this up with OWASP's legal beagles, please let us
> know, but it will cost and take a bit.
> Andrew
> On Fri, Jun 24, 2016 at 9:00 PM, psiinon <psiinon at gmail.com> wrote:
>> Leaders,
>> We've had some questions about the ZAP copyright statement we use in our
>> code, which is now variations on:
>> /*
>>  * Zed Attack Proxy (ZAP) and its related class files.
>>  *
>>  * ZAP is an HTTP/HTTPS proxy for assessing web application security.
>>  *
>>  * Copyright 2016 The ZAP Development Team
>>  *
>>  * Licensed under the Apache License, Version 2.0 (the "License");
>>  * you may not use this file except in compliance with the License.
>>  * You may obtain a copy of the License at
>>  *
>>  *   http://www.apache.org/licenses/LICENSE-2.0
>>  *
>>  * Unless required by applicable law or agreed to in writing, software
>>  * distributed under the License is distributed on an "AS IS" BASIS,
>> implied.
>>  * See the License for the specific language governing permissions and
>>  * limitations under the License.
>>  */
>> Is "The ZAP Development Team" a reasonable term to use, or is problematic
>> as this is not a legal entity?
>> We typically just give the year the relevant file was created, but should
>> we use the range of years ZAP has been around (ie "2010-2016") and update
>> every file every year?
>> Any other thoughts or recommendations?
>> Cheers.
>> Simon
>> --
>> OWASP ZAP <https://www.owasp.org/index.php/ZAP> Project leader
>> _______________________________________________
>> OWASP-Leaders mailing list
>> OWASP-Leaders at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-leaders
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders

Johanna Curiel
OWASP Volunteer
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-leaders/attachments/20160624/aa79d264/attachment.html>

More information about the OWASP-Leaders mailing list