[Owasp-leaders] INQUIRY: Brad Causey

Brad Causey bradcausey at owasp.org
Tue May 24 23:11:17 EDT 2011


According to the GPC bylaws, I will not be able to participate in this
Inquiry because of a conflict of interest.

I support your decision to move forward with requesting an inquiry, and I
stand by my peers in their decisions.

Best of luck my friend.


-Brad Causey
CISSP, MCSE, C|EH, CIFI, CGSP

http://www.owasp.org
--
"Si vis pacem, para bellum"
--


On Tue, May 24, 2011 at 9:35 PM, Christian Heinrich <
christian.heinrich at owasp.org> wrote:

> Brad,
>
> On Wed, May 25, 2011 at 11:22 AM, Brad Causey <bradcausey at owasp.org>
> wrote:
> > First, I am not a member of the media community, and I'm actually not
> sure
> > exactly what that is, but I apologize for any confusion that may have led
> > you to believe this.
>
> I was referring to me.
>
> > The Scope of the final document is clear, and is stated as such. I fail
> to
> > see any issue there. If you read the entire document, it should be clear
> > that the focus therein is strictly related to the Google Hacking Project.
> >
> > I am not a member of the GCC, and am unable to speak to decisions or
> factors
> > involving that committee.
>
> So why did you therefore act as a member of the GCC and contact
> Australian Chapter Leaders?
>
> > My reservations regarding my continued involvement in OWASP was based on
> > personal factors. As you may know, since you frequent mailing lists, I
> have
> > recently moved to a farm, and have begun a vested interest in Agriculture
> > and Carpentry. I have extended my participation with OWASP for the
> > foreseeable future, and plan to continue contributing to the community.
>
> Whatever, it was stated that you had some disappointment.
>
> > Regarding funding. My participation there was due to my involvement in
> the
> > GPC, and was approved by the Board. I'm not sure if you plan to evaluate
> > each participant there, but I can assure you, it was not a paid vacation.
> > Myself and dozens (hundreds?)of other active Members worked very hard,
> and
> > produced agreed upon deliverables.
>
> No, just the ones who are questionable, such as yourself.  That
> stated, I truly (not) believe that Dinis did not "rig" the location
> but ignoring all the submissions based on a question raised by Rex
> Booth on the Leaders List.
>
> > [Christian]As you would not doubt be aware, as a member of the GPC you
> > should
> > have no skeleton's in the closet.  As far as not releasing the code
> > this simply should have been highlighted to the OWASP USA 2008
> > organisers and requested to be removed from the proceeding.  That
> > stated, the ulterior motive was in fact to generate "hype".[/Christian]
> >
> > Firstly, I did not present at OWASP USA 2008. Secondly, the Lunker
> project
> > was a proof of concept, and never an official OWASP Project.
>
> PoC - So was the OWASP Google Hacking Project and it was promoted as
> an Alpha project.  Therefore, was is Lurker out of scope of an inquiry
> then?
>
> > [Christian]For the record, I was told by a high profile Google employee
> that
> > the
> > reason the Google SOAP Search API was revoked was not due to their
> > public statement (i.e. deprecated for the AJAX Search API), rather it
> > was being used to distribute upload malware to the web using Google
> > Search Results.  While I haven't named names you could easily
> > determine who I discussed this with by finding who spoke at
> > http://2009.confidence.org.pl/prelegenci and he has this known issue
> > with being discussed in the media (ask Ryan Narine).  Hence, my
> > counter-claim of "responsible disclosure" of DIC (noted the
> > caplization was used by "Brad" and on
> > http://christianheinrich.blogspot.com/) and you resulting reckless
> > conduct of the inquiry.[/Christian]
> >
> > The time to discuss this is over. The Google Hacking Inquiry is complete.
>
> So the right to appeal has been revoked?  It is prudent that you just
> make it up as you go along.
>
> > [Christian]As far as asking this on the Lurker Mailing List (if it does
> > exist?) -
> > didn't "Brad" ask about the availability of the OWASP Google Hacking
> > Project source code on an OWASP Mailing List which was unrelated to
> > the project (i.e. owasp-australia).[Christian]
> >
> > Yes, Brad did. I don't know Brad personally, but if I recall correctly,
> the
> > source was also requested on the GHP mailing list. If the Lunker mailing
> > list doesn't exist, it is because it was never an OWASP project.
>
> Did you ever identity "Brad" i.e. what does Tom Brennan reference as
> "human forensics" within
> https://lists.owasp.org/pipermail/owasp-board/2010-September/003757.html
> - if so why didn't the synopsis state that OWASP had been trolled and
> will therefore seek statutory declaration prior to starting an inquiry
> process?
>
> > [Christian]It is in the best interests of OWASP if you resign from the
> GPC
> > and as
> > a Chapter Leader now, provide me with a written apology and simply
> > accept the resulting conclusion of the inquiry against you - which
> > lets be honest will be politically motivated to protect the OWASP
> > Board.[/Christian]
> >
> > We actually have a process for removing a member from the GPC, and it is
> > outlined in the bylaws which are published. Should this action be
> warranted,
> > I'm sure my peers will take proper action.
>
> What about the inquiry process?  So there is a rule for me in which I
> am discredited and one which benefits you.
>
> Don't forget that there were missed opportunities to be exploited i.e.
> https://lists.owasp.org/pipermail/owasp-board/2010-August/003554.html
>
> I did like the statement that OWASP had to hold an inquiry because it
> knew nothing about me but apparently I was accused of using OWASP to
> promote a commercial agenda and yet this is the first that OWASP had
> heard of me?  Would kinda cancel each other out but it would be
> cleared by an inquiry which of course would not be intended to damage
> me.
>
> Then there is Dinis Cruz promoting O2 on the Leader's and London
> Chapter Mailing List - do as I say not as a I do.
>
> > Regarding the Chapter Leader position, I am actually in the process of
> > resigning because of other obligations. The Birmingham, AL chapter is
> being
> > transitioned to a very well known and respected member of the OWASP
> > community.
> >
> > Should an Inquiry be required for any actions or decisions I have made,
> I'm
> > sure my peers will treat me with the same objectivity you were treated
> with.
>
> I would like to conduct the inquiry as I am always out to prove that
> my assumptions are  incorrect?  Then again, I read it on the internet,
> it must be true.
>
> > I would also like to say that I applaud your concern for the OWASP
> > community, and appreciate your concerns very much. All concerns and
> issues
> > are treated very seriously, as you have no doubt discovered.
> >
> > I hope to have cleared up any confusion, and if not, feel free to contact
> > the appropriate OWASP committee or the Board.
>
> Apparently I will be *censored* from an "open" community provided
> Chris will stand and deliver?
>
> I will write this off as "one way it is a sighn of our success" i.e.
> https://lists.owasp.org/pipermail/owasp-board/2011-January/004292.html
>
> --
> Regards,
> Christian Heinrich
> http://www.owasp.org/index.php/user:cmlh
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.owasp.org/pipermail/owasp-leaders/attachments/20110524/c8e63ae7/attachment.html 


More information about the OWASP-Leaders mailing list