[Owasp-leaders] INQUIRY: Brad Causey
bradcausey at owasp.org
Tue May 24 23:11:17 EDT 2011
According to the GPC bylaws, I will not be able to participate in this
Inquiry because of a conflict of interest.
I support your decision to move forward with requesting an inquiry, and I
stand by my peers in their decisions.
Best of luck my friend.
CISSP, MCSE, C|EH, CIFI, CGSP
"Si vis pacem, para bellum"
On Tue, May 24, 2011 at 9:35 PM, Christian Heinrich <
christian.heinrich at owasp.org> wrote:
> On Wed, May 25, 2011 at 11:22 AM, Brad Causey <bradcausey at owasp.org>
> > First, I am not a member of the media community, and I'm actually not
> > exactly what that is, but I apologize for any confusion that may have led
> > you to believe this.
> I was referring to me.
> > The Scope of the final document is clear, and is stated as such. I fail
> > see any issue there. If you read the entire document, it should be clear
> > that the focus therein is strictly related to the Google Hacking Project.
> > I am not a member of the GCC, and am unable to speak to decisions or
> > involving that committee.
> So why did you therefore act as a member of the GCC and contact
> Australian Chapter Leaders?
> > My reservations regarding my continued involvement in OWASP was based on
> > personal factors. As you may know, since you frequent mailing lists, I
> > recently moved to a farm, and have begun a vested interest in Agriculture
> > and Carpentry. I have extended my participation with OWASP for the
> > foreseeable future, and plan to continue contributing to the community.
> Whatever, it was stated that you had some disappointment.
> > Regarding funding. My participation there was due to my involvement in
> > GPC, and was approved by the Board. I'm not sure if you plan to evaluate
> > each participant there, but I can assure you, it was not a paid vacation.
> > Myself and dozens (hundreds?)of other active Members worked very hard,
> > produced agreed upon deliverables.
> No, just the ones who are questionable, such as yourself. That
> stated, I truly (not) believe that Dinis did not "rig" the location
> but ignoring all the submissions based on a question raised by Rex
> Booth on the Leaders List.
> > [Christian]As you would not doubt be aware, as a member of the GPC you
> > should
> > have no skeleton's in the closet. As far as not releasing the code
> > this simply should have been highlighted to the OWASP USA 2008
> > organisers and requested to be removed from the proceeding. That
> > stated, the ulterior motive was in fact to generate "hype".[/Christian]
> > Firstly, I did not present at OWASP USA 2008. Secondly, the Lunker
> > was a proof of concept, and never an official OWASP Project.
> PoC - So was the OWASP Google Hacking Project and it was promoted as
> an Alpha project. Therefore, was is Lurker out of scope of an inquiry
> > [Christian]For the record, I was told by a high profile Google employee
> > the
> > reason the Google SOAP Search API was revoked was not due to their
> > public statement (i.e. deprecated for the AJAX Search API), rather it
> > was being used to distribute upload malware to the web using Google
> > Search Results. While I haven't named names you could easily
> > determine who I discussed this with by finding who spoke at
> > http://2009.confidence.org.pl/prelegenci and he has this known issue
> > with being discussed in the media (ask Ryan Narine). Hence, my
> > counter-claim of "responsible disclosure" of DIC (noted the
> > caplization was used by "Brad" and on
> > http://christianheinrich.blogspot.com/) and you resulting reckless
> > conduct of the inquiry.[/Christian]
> > The time to discuss this is over. The Google Hacking Inquiry is complete.
> So the right to appeal has been revoked? It is prudent that you just
> make it up as you go along.
> > [Christian]As far as asking this on the Lurker Mailing List (if it does
> > exist?) -
> > didn't "Brad" ask about the availability of the OWASP Google Hacking
> > Project source code on an OWASP Mailing List which was unrelated to
> > the project (i.e. owasp-australia).[Christian]
> > Yes, Brad did. I don't know Brad personally, but if I recall correctly,
> > source was also requested on the GHP mailing list. If the Lunker mailing
> > list doesn't exist, it is because it was never an OWASP project.
> Did you ever identity "Brad" i.e. what does Tom Brennan reference as
> "human forensics" within
> - if so why didn't the synopsis state that OWASP had been trolled and
> will therefore seek statutory declaration prior to starting an inquiry
> > [Christian]It is in the best interests of OWASP if you resign from the
> > and as
> > a Chapter Leader now, provide me with a written apology and simply
> > accept the resulting conclusion of the inquiry against you - which
> > lets be honest will be politically motivated to protect the OWASP
> > Board.[/Christian]
> > We actually have a process for removing a member from the GPC, and it is
> > outlined in the bylaws which are published. Should this action be
> > I'm sure my peers will take proper action.
> What about the inquiry process? So there is a rule for me in which I
> am discredited and one which benefits you.
> Don't forget that there were missed opportunities to be exploited i.e.
> I did like the statement that OWASP had to hold an inquiry because it
> knew nothing about me but apparently I was accused of using OWASP to
> promote a commercial agenda and yet this is the first that OWASP had
> heard of me? Would kinda cancel each other out but it would be
> cleared by an inquiry which of course would not be intended to damage
> Then there is Dinis Cruz promoting O2 on the Leader's and London
> Chapter Mailing List - do as I say not as a I do.
> > Regarding the Chapter Leader position, I am actually in the process of
> > resigning because of other obligations. The Birmingham, AL chapter is
> > transitioned to a very well known and respected member of the OWASP
> > community.
> > Should an Inquiry be required for any actions or decisions I have made,
> > sure my peers will treat me with the same objectivity you were treated
> I would like to conduct the inquiry as I am always out to prove that
> my assumptions are incorrect? Then again, I read it on the internet,
> it must be true.
> > I would also like to say that I applaud your concern for the OWASP
> > community, and appreciate your concerns very much. All concerns and
> > are treated very seriously, as you have no doubt discovered.
> > I hope to have cleared up any confusion, and if not, feel free to contact
> > the appropriate OWASP committee or the Board.
> Apparently I will be *censored* from an "open" community provided
> Chris will stand and deliver?
> I will write this off as "one way it is a sighn of our success" i.e.
> Christian Heinrich
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the OWASP-Leaders