Why we chose Creative Commons Attribution No Derivatives
The Drupal Security Report is licensed under a Creative Commons, Attribution-No Derivatives license. We did this consciously and for several reasons that we wanted to share.
Protecting the credit for our sponsors
This report was a huge effort by Ben and I. In order to make that happen we had to get sponsorship from a ton of great organizations. Those organizations did this for a variety of reasons, but part of it is to associate themselves with the enterprise oriented customers who are concerned about security. If we let people "remix" the content in a manner that excludes the sponsors it's not fair to them as sponsors.
Keeping the right context for the security report
We set out with the goal of writing the shortest report that could cover this particular topic. We also spent lots of time on the outline and the flow of the report. If someone takes pieces of the report and republishes that piece then they are missing out on the setup and context that we set in the rest of the report.
Maintaining a neutral, reputable source for the report
We have a lot of sponsors and as we were pitching the report to them they wanted to make sure that their interests were protected. So, we require that someone offering the report provide it with attribution back to this site. That way this site will remain the primary source for downloading the report which helps ensure that credit is given to all sponsors through this site.
You can imagine if some random, disreputable organization were to create a site that was designed and full of content claiming ownership of this report and offering it for download. And what if they then started publishing their own blog posts with questionable content? This would obviously be a real problem for their readers, our sponsors, and us as the original authors!
So, the license is cc-by-nd for now to protect the clarity of the content, the interest of our sponsors, and the long term clarity of the message.