OWASP Recommended Licenses
(Trying to make a complex choice easy for our project leaders)
|
Allow commercial uses of your work? |
|
Yes |
No |
|
Allow modifications of your work? |
|
Yes, no restriction except attribution |
Yes, as long as modification are also opensource |
No |
ToolProject (Non-WebBased) |
Apache 2.0 (fewest restrictions, even allowing proprietary modifications and proprietary forks of your project, and more up-to-date than BSD license)</font> | <td>GPL 3.0
(requires that modifications to your code stay open source, thus prohibiting proprietary forks of your project)</td>
<td colspan=2 rowspan=4>Sorry, such licenses are not opensource and are not elegible to become an OWASP Sponsored Project. If this is really what you want, consider using CC-BY-ND or CC-BY-NC-ND. See http://creativecommons.org/choose for more information and note that they label these two license as "not a Free Culture License"</td>
<tr>
<td>Tool Project
(WebBased)</td>
<td>AGPL 3.0<
(prevents GPL's SaaS loophole)</td>
</tr>
<tr>
<td>Library Project</td>
<td>LGPL 3.0
(similar to GPL but modified for use with libraries that may be called by other proprietary programs)</td>
</tr>
<tr>
<td>Document Project (includes E-Learning, presos, books, etc)</td>
<td>CC-BY 3.0
(like Apache but for documents)</td><td>CC-BY-SA 3.0
(like GPL but for documents. Alternately you can use GFDL, but projects like Debian and Ubuntu don't accept it)</td>
</tr>
</table>
Why are you recommending these licenses? http://www.datamation.com/osrc/article.php/12068_3803101_1/Bruce-Perens-How-Many-Open-Source-Licenses-Do-You-Need.htm
Which other opensource licenses are elegible for an OWASP Project? http://opensource.org/licenses/category