misp-website/_pages/license.md

43 lines
5.0 KiB
Markdown
Executable File

---
layout: page
title: MISP, Overview of the licenses used in the MISP Project (software, libraries and knowledge base)
permalink: /license/
toc: true
---
# MISP, Overview of the licenses used in the MISP Project (software, libraries and knowledge base)
The MISP project is a large open source project, aiming to support and improve information sharing and threat intelligence analysis at large.
As the MISP project is used in different geographical regions (Europe, North America, Asia-Pacific, South America and Africa) as well as different sectors of activities (spanning a wide selection such as cyber security, intelligence community, law enforcement and NGOs), we provide detailed information about the open source licenses used by the various parts of the project.
# Open Source Licenses Used
The MISP sub-projects use different open source licenses depending on the various use-cases for the given software, library or knowledge base. All the open source licenses used are approved by the OSI and classified as Free/Libre by the Free Software Foundation.
|MISP Repository| License | SPDX Identifier
|:-:|:-:|---|
|[MISP core software](https://github.com/MISP/MISP)|GNU Affero General Public License v3.0 or later|[AGPL-3.0-or-later](https://spdx.org/licenses/AGPL-3.0-or-later.html#licenseText)|
|[MISP objects](https://github.com/MISP/misp-objects)|GNU Affero General Public License v3.0 or later|[AGPL-3.0-or-later](https://spdx.org/licenses/AGPL-3.0-or-later.html#licenseText)|
|[MISP taxonomies](https://github.com/MISP/misp-taxonomies)|Dual licensed: CC0 1.0 Universal (CC0 1.0) or BSD 2-Clause "Simplified" License|[CC0-1.0](https://spdx.org/licenses/CC0-1.0.html) or [BSD 2-Clause "Simplified" License](https://spdx.org/licenses/BSD-2-Clause.html)|
|[MISP galaxy](https://github.com/MISP/misp-galaxy)|Dual licensed: CC0 1.0 Universal (CC0 1.0) or BSD 2-Clause "Simplified" License|[CC0-1.0](https://spdx.org/licenses/CC0-1.0.html) or [BSD 2-Clause "Simplified" License](https://spdx.org/licenses/BSD-2-Clause.html)|
|[MISP warning-lists](https://github.com/MISP/misp-warninglists)|Dual licensed: CC0 1.0 Universal (CC0 1.0) or BSD 2-Clause "Simplified" License|[CC0-1.0](https://spdx.org/licenses/CC0-1.0.html) or [BSD 2-Clause "Simplified" License](https://spdx.org/licenses/BSD-2-Clause.html)|
|[MISP decaying models](https://github.com/MISP/misp-decaying-models)|Dual licensed: CC0 1.0 Universal (CC0 1.0) or BSD 2-Clause "Simplified" License|[CC0-1.0](https://spdx.org/licenses/CC0-1.0.html) or [BSD 2-Clause "Simplified" License](https://spdx.org/licenses/BSD-2-Clause.html)|
|[MISP modules](https://github.com/MISP/misp-modules)|GNU Affero General Public License v3.0 or later|[AGPL-3.0-or-later](https://spdx.org/licenses/AGPL-3.0-or-later.html#licenseText)|
|[PyMISP](https://github.com/MISP/misp-galaxy)|BSD 2-Clause "Simplified" License|[BSD 2-Clause "Simplified" License](https://spdx.org/licenses/BSD-2-Clause.html)|
|[MISP-Maltego](https://github.com/MISP/misp-maltego)|GNU Affero General Public License v3.0 or later|[AGPL-3.0-or-later](https://spdx.org/licenses/AGPL-3.0-or-later.html#licenseText)|
|[misp-dashboard](https://github.com/MISP/misp-dashboard)|GNU Affero General Public License v3.0 or later|[AGPL-3.0-or-later](https://spdx.org/licenses/AGPL-3.0-or-later.html#licenseText)|
# Contributing and copyright
We welcome contributions. All contributors collectively own the MISP project itself along with the various MISP sub-projects (software, libraries and knowledge bases alike), depending on which parts they have contributed to. The contributors also acknowledge the [Developer Certificate of Origin](https://developercertificate.org/).
# AGPL Affero General Public License - MISP point of view
MISP core software is licensed under the [Open Source approved](https://opensource.org/licenses/AGPL-3.0) AGPL license. The Affero GPL is a standard GNU GPL version 3 license with an additional clause which requires the ability to download the source code of the MISP core itself. This requirement only applies if the MISP core software has been modified, Meaning that you are free to bundle MISP with any software under different licenses. AGPL only applies to the MISP core software and not to any other software using the API of MISP.
# Export control
The MISP Project is developed at an international scale and the core developers are located in Europe. This website is hosted in Belgium. Export restriction might apply (as MISP open source software can be classified as [ECCN 5D002 or 5D992](https://www.bis.doc.gov/index.php/documents/new-encryption/1652-cat-5-part-2-quick-reference-guide/file)) for the users depending on their location if they wish to download MISP from the official GitHub repositories (hosted by GitHub, Inc.). If you are located in a region where downloading from GitHub is restricted, the MISP project provides an alternative git repository for each MISP sub-projects at the following location: [https://eugit.opencloud.lu/MISP](https://eugit.opencloud.lu/MISP) located in Luxembourg, Europe (hosted by [opencloud.lu](https://www.opencloud.lu/)).