Cisco Exam Questions

Which of the following statements is true regarding OWASP? (Select the best answer.)

It is exclusively a North American nonprofit organization.

It endorses products from HP and Symantec.

It releases security materials under FLOSS licenses.

It requires membership to download security tools such as ZAP.

The Open Web Application Security Project (OWASP) releases security materials under Free/Libre and Open
Source Software (FLOSS) licenses. OWASP is a multinational, not-for-profit organization that provides
frameworks, documentation, tools, and community forums with a focus on application security. For example,
one of the OWASP Flagship projects is the Software Assurance Maturity Model (SAMM), which is an open
framework used to guide an organization in making software security decisions that are in alignment with the
organization’s risk profile. Like all OWASP documentation, the SAMM is licensed under the Creative Commons
Attribution-ShareAlike 3.0 License, which is a common FLOSS license that allows redistribution and
modification of the original content with the appropriate attribution and the requirement to distribute the
derivative work under the same license as the original.

Although OWASP has many financial supporters, including Adobe, Akamai, HP, and Symantec, it does not
endorse any particular company or product. According to the code of ethics published in its bylaws, OWASP
must maintain and affirm its objectivity and reject inappropriate pressure from the technology industry.
Therefore, OWASP strives to avoid affiliation with any technology company and to maintain its presence as an
unbiased source of information about application security.

OWASP offers several different membership levels, each of which offers various benefits, such as reduced
advertising costs, discounted conference sponsorship rates, and the ability to vote in OWASP elections.
However, membership is not required to access or download any of the documentation or tools offered by
OWASP, including Flagship projects such as the OWASP Zed Attack Proxy (ZAP). ZAP is an integrated
penetration testing tool for web applications.

OWASP: Project Licensing