[Owasp-leaders] INQUIRY: Brad Causey

Christian Heinrich christian.heinrich at owasp.org
Tue May 24 20:34:13 EDT 2011


Brad,

Did you copy and paste this from a press release?

As a member of the media community it would be advisable to state that
you are sorry for the distress that you have caused and that you lied
when making an official OWASP statement that issues to do with the
Chapters should be investigated by the GCC (Chapters) and you decided
to conduct your own libel informal investigation i.e. second paragraph
of "Scope" from
https://www.owasp.org/index.php/File:GPC_Report_1_-_Google_Hacking_Project.JPG

I also read on the owasp-board mailing list that you had some regret
with OWASP prior to the OWASP Summit 2011, where you were still provided
with a paid holiday even though the GPC had been inactive for some
time until the OWASP Google Hacking Inquiry and would therefore not be
eligible for funding if it wasn't conducted.

As you would no doubt be aware, as a member of the GPC you should
have no skeletons in the closet.  As far as not releasing the code
this simply should have been highlighted to the OWASP USA 2008
organisers and requested to be removed from the proceeding.  That
stated, the ulterior motive was in fact to generate "hype".

For the record, I was told by a high profile Google employee that the
reason the Google SOAP Search API was revoked was not due to their
public statement (i.e. deprecated for the AJAX Search API), rather it
was being used to distribute upload malware to the web using Google
Search Results.  While I haven't named names you could easily
determine who I discussed this with by finding who spoke at
http://2009.confidence.org.pl/prelegenci and he has this known issue
with being discussed in the media (ask Ryan Narine).  Hence, my
counter-claim of "responsible disclosure" of DIC (noted the
capitalization was used by "Brad" and on
http://christianheinrich.blogspot.com/) and your resulting reckless
conduct of the inquiry.

As far as asking this on the Lurker Mailing List (if it does exist?) -
didn't "Brad" ask about the availability of the OWASP Google Hacking
Project source code on an OWASP Mailing List which was unrelated to
the project (i.e. owasp-australia).

It is in the best interests of OWASP if you resign from the GPC and as
a Chapter Leader now, provide me with a written apology and simply
accept the resulting conclusion of the inquiry against you - which
let's be honest will be politically motivated to protect the OWASP
Board.

On Wed, May 25, 2011 at 9:40 AM, Brad Causey <bradcausey at owasp.org> wrote:
> Thank you for your response Christian.
>
> Regarding Lunker, I would offer that you should send an email to the OWASP
> Lunker mailing list regarding your questions. I'm sure the official project
> leader would gladly answer any questions you have. If you are unable to get
> an agreeable solution there, then you should email the GPC (as you know, I
> am a member of) and we will take swift action.
>
> Thanks again for bringing this to our attention.
>
>
>
> -Brad Causey
> CISSP, MCSE, C|EH, CIFI, CGSP
>
> http://www.owasp.org
> --
> "Si vis pacem, para bellum"
> --
>
>
> On Tue, May 24, 2011 at 5:02 PM, Christian Heinrich
> <christian.heinrich at owasp.org> wrote:
>>
>> Brad,
>>
>> It is pretty much well known that having not even met me that you dislike
>> me:
>> 1.
>> https://lists.owasp.org/pipermail/owasp-board/2010-September/003743.html
>> i.e. "recommending we expel him from OWASP"
>>
>> I also liked how that you formed a friendship with a Chapter Leader
>> whose Chapter has been inactive since 2005 much to the horror of a
>> number of people involved with OWASP in Australia:
>> 1. https://lists.owasp.org/pipermail/owasp-board/2010-November/003946.html
>> 2. https://lists.owasp.org/pipermail/owasp-board/2010-October/003926.html
>>
>> Note the above connection to the other party for the current proposed
>> inquiry BTW he was questioned by me and several others within OWASP as
>> to the intent of these e-mail and he claimed to have never contacted
>> OWASP. He is also suspected to be the owner of the sockpuppets i.e.
>> "Brad", "Steven", etc. used to create the OWASP Google Hacking Inquiry
>> and there is a known connection to Johnny Long (via Hackers for
>> Charity) with to this individual.
>>
>> But the best part of having the GPC conduct the inquiry was the
>> recommendation that I be reprimanded for not publishing my source code
>> at the conclusion of the GPC inquiry but the source code of the OWASP
>> Lurker Project was never published i.e.
>>
>> https://lists.owasp.org/pipermail/global-projects-committee/2010-November/001695.html
>> and yet presented at several OWASP Conferences.
>>
>> <sarcasm> As you can see, the OWASP Inquiry Process is conducted
>> independently, with due process and without bias </sarcasm>
>>
>> On Wed, May 25, 2011 at 7:36 AM, Brad Causey <bradcausey at owasp.org> wrote:
>> > What is the reason for an inquiry?
>> >
>> > I don't like what Christian did either, as IMO, it is borderline
>> > criminal, but my opinion in this matter is worth exactly what you paid
>> > for it.
>> >
>> > However, I'm curious, if he isn't a member, and isn't a leader, what
>> > jurisdiction do we have?
>>
>>
>>
>> --
>> Regards,
>> Christian Heinrich
>> http://www.owasp.org/index.php/user:cmlh
>
>



-- 
Regards,
Christian Heinrich
http://www.owasp.org/index.php/user:cmlh

