Summit 2011 Working Sessions/Session090/Deliverable 5

OWASP Licensing FAQ (Frequently Asked Questions) -- Deliverable from OWASP Summit meeting in Lisbon 2011 Disclaimer: The following is not legal advice. It is highly recommended for a licensed lawyer to review your specific situation and ascertain all relevant issues when selecting and understanding license agreements. 1. Who own the content and code submitted to OWASP? a. The author of the submitted code or content owns the code. However, the author submitting the creative work agrees to open source their work under an approved open source license. The author also has the option of completely assigning all rights in his work to OWASP. Under copyright law the author of a creative work gains copyright protection once the creative work is put into a tangible form. 2. Can I take back from OWASP the code/documentation I had previously submitted? a. Technically no, because you open sourced your code/documentation. However, you can fork your documentation/code and close source your additional changes as the owner of the original documentation/code. 3. Does OWASP require you to share back your changes? a. It depends on the license associated with the code/documentation you are modifying. Some licenses require you to share back any code changes the instant you make then. Other licenses require you to use the same license as the parent code/document which you used. Some are triggered upon distribution and others are triggered on modification or use. 4. What is the default license for information posted on the OWASP wiki? a. Creative Commons 3.0 SA Attribution 5. Can you override the default license which OWASP runs under? a. Yes, but you have to follow the directions in the license you are selecting to abide by the selected license. If the license you selected for your code/document does not include placement directions. Add a license section in the header comments of a code file or the appendix of a document. 6. Which license should I use if I want to give enterprises free will to build products on top of your submitted code or make and use changes to your submitted documents? a. BSD 7. Which license should I use to control distribution, sale or modification of the submitted code/documentation? a. It depends on the limitations you want to enforce in your submitted code/documentation. So read the license and talk to an attorney to understand what you are getting into. Remember that the more restrictive the license then the less likely that an enterprise will want to use it. 8. Is it possible to change my license after my document/code is released to the public? a. If you are the sole contributor for the document/code then you can make changes to the license at any time. If there are multiple contributors to a document or code base you will need go get agreement for the license change from all contributors.