This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Template:Recommended Licenses
From OWASP
Revision as of 13:10, 19 April 2017 by Thomas Herlea (talk | contribs) (Spelled out the license names, expanded explanations.)
Why are you recommending these licenses?
Which other open source licenses are eligible for an OWASP project?
Choosing a license under which an artifact is distributed and enforcing the license are prerogatives of the copyright holders over that artifact. By default, each contributor is copyright holder over the contributed piece. Contributors must all agree on the license and cooperate in enforcing it or must assign their copyright to the entity which becomes responsible for choosing and enforcing the license.
| Artifact | Allow commercial uses of your work? | |||
|---|---|---|---|---|
| Yes | No | |||
| Allow modifications of your work? | ||||
| Yes, no restriction except attribution | Yes, as long as modification are also open source | No | ||
| Tool Project (Non-WebBased) |
Apache License (newest version as of 2016 is 2.0): Has the fewest restrictions, even allowing proprietary modifications and proprietary forks of your project, and is more up-to-date than the BSD license. |
GPL (newest version as of 2016 is 3.0): The "General Public License" protects users' four essential freedoms, among other things by requiring someone who distributes software derived from yours to also publish the source code for the modifications. Anyone can charge money for distributing copies of the software, but cannot prevent its recipients from redistributing it for free. The GPL allows the copyright holders to distribute the software under additional licenses, too, which can be a way to make it proprietary-friendly. |
Sorry, such licenses are not opensource and are not eligible to become an OWASP Sponsored Project. If this is really what you want, consider using CC-BY-ND or CC-BY-NC-ND. See http://creativecommons.org/choose for more information and note that they label these two license as "not a Free Culture License" | |
| Tool Project (WebBased) |
AGPL (newest version as of 2016 is 3.0): The "Affero General Public License" extends the GPL to SaaS: users of the modified software must be able to obtain the source code of the modifications. |
|||
| Library Project | GPL or LGPL (newest version as of 2016 is 3.0): The "Lesser General Public License" relaxes the GPL for libraries: if the library is not modified, just integrated (function calls, global variables,...), with other software, it does not require the source code of the other software to be published. The Free Software Foundation recommends the LGPL only for libraries which have established competitors for the same functionality, otherwise they recommend the full GPL. |
|||
| Document Project (includes E-Learning, presentations, books, etc) | CC-BY (newest version as of 2016 is 4.0): The "Creative Commons Attribution" is like the Apache License, but for documents. |
CC-BY-SA (newest version as of 2016 is 4.0): The "Creative Commons Attribution-ShareAlike" is like the GPL, but for documents. |
||
