OWASP Licenses

OWASP and Licensing

The OWASP Foundation uses several licenses to distribute software, documentation, and other materials. Contact us for agreements concerning acceptance of materials from individuals and corporations, such as existing documents or software projects. These licenses help us ensure that OWASP projects are supported longterm, and the materials produced can be easily used and are free and open to everyone.

Use of the OWASP Brand

The use of the OWASP Brand is covered by the OWASP brand usage rules.

Licensing of OWASP Website Content

We welcome the use of OWASP website content. If you would like to use anything from the wiki in another work, you must follow the terms of the Creative Commons Attribution ShareAlike 3.0 license (CC-BY-SA). We strongly encourage organizations to use OWASP materials for their internal purposes. If you want to distribute modified OWASP materials externally, you must make them available under the CC-BY-SA license - preferably by making your improvements directly at OWASP. Thanks!

Licensing of OWASP Projects

All software, documentation, and other materials produced by The OWASP Foundation or any OWASP Project is licensed according to an open source license as defined by the [Open Source Initiative (OSI) organization]. For licensing questions, please contact us at [email protected].

In an effort to help OWASP Project leaders choose the appropriate license for their project, the Global Project Committee recommends the following open source licenses. Understand that these licenses are only recommendations and Project Leaders are welcome to use any [Open Source Initiative (OSI) organization] approved license they wish.

Why are you recommending these licenses?
Which other open source licenses are eligible for an OWASP project?

Choosing a license under which an artifact is distributed and enforcing the license are prerogatives of the copyright holders over that artifact. By default, each contributor is copyright holder over the contributed piece. Contributors must all agree on the license and cooperate in enforcing it or must assign their copyright to the entity which becomes responsible for choosing and enforcing the license.

OWASP is a collaborative initiative for the public good and most of its output is expected to be functional, rather than aesthetic. The problem OWASP tackles is so large that OWASP acknowledges a need to collaborate with the commercial world. Therefore, in order to become an OWASP Sponsored Project, you should be comfortable with:

• Allowing arbitrary uses for your work, for example for commercial purposes. (If you disagree, consider using CC-BY-NC.)
• Revealing to the world your project's source code (its form preferred for modification).
• Allowing your work, under certain conditions (see below), to be modified by others and redistributed. (If you disagree, consider using CC-BY-ND.)

Contributor License Agreements

OWASP desires that all contributors of ideas, code, or documentation to the OWASP projects complete, sign, and submit (via snailmail or fax) a Contributor License Agreement. The purpose of this agreement is to clearly define the terms under which intellectual property has been contributed to OWASP and thereby allow us to defend the project should there be a legal dispute regarding the software at some future time. All contributions made through the website are covered by the clickthrough license on the account creation page.

Assignment of Copyright Agreement

In the case that the contributor desire to assign copyright to the OWASP Foundation, please use the Assignment of Copyright Agreement. Assignment of copyright is not strictly necessary but is an option available to those contributors who would prefer that the OWASP Foundation hold the copyright for contributed materials.