[Governance] My OWASP Membership

Christian Heinrich christian.heinrich at cmlh.id.au
Fri Feb 21 02:47:54 UTC 2014

Josh and Tobias,

I have attempted to resolve ongoing issues related to the OWASP Google
Hacking Inquiry in a manner that has resulted in positive outcome, such as
the acknowledgement from Eoin below, while in other cases this has resulted
in a unintended outcome.

The OWASP Board has made it quite clear that I will be held to a much
higher standard than an unknown member of the public applying for
membership or that of existing member who continue to flaunt the OWASP Code
of Ethics for their own commercial gain.

For the record, the intention of the OWASP Google Hacking Project was to
demonstrate an innovative concept that I documented in the OWASP Testing
Guide and I wanted to donate the PoC to OWASP also.

I was invited to present at two conferences in North America within a two
week period of the OWASP North American Conference and at another
conference coinciding with the OWASP European Conference in Poland.  As I
had never travelled to either the USA or Europe before and due to the
popularity of another speaker who promoted a less innovative technique I
was proud to represent OWASP at these events as everyone had made me feel
welcome who I had met in Australia and in New York.

My decisions during this time of leading my first OWASP Project were based
solely on not intending to cause undue embarrassment to the Foundation and
therefore my decisions were governed on taking the most conservative
approach.  In hindsight a number of people who participated in the inquiry
have admitted that they would have handled the incident differently and may
have been different had I received the unintended complaint from Andre
Ludwig in time but unfortunately I acknowledge that it is not possible to
repair the damage to my relationship with OWASP.

Therefore, I feel that if my membership is reinstated, which I have no
expectation that it will, then the OWASP Board will not assist me further
in seeking closure with particular former and current OWASP members as I
will be censured in effect due to the OWASP Code of Ethics and therefore my
core issues related to the inquiry into the OWASP Google Hacking Project
will remain unresolved.

Neither have the period related to my suspension or termination resulted in
the resolution of the core issues related to the inquiry of the OWASP
Google Hacking Project.

I largely believe that people involved with OWASP have good intent as I had
but my perception is now clouded with how I was treated during the OWASP
Google Hacking Inquiry that was conducted without any due diligence or
oversight yet resulted in proof of my good intention beyond a reasonable

I feel the issues between OWASP and I have not been resolved simply due to
the fact that I perceived differently now than I was prior to the OWASP
Google Hacking Inquiry.  While I have attempted from time to time to
contribute positively to OWASP since the inquiry I have considered this a
burden rather than experience the enjoyment that I have when contributing
to WASC, MITRE or BSIMM because someone within OWASP always has an agenda
in supporting me.

I would like to thank you both for your efforts and I apologies if you
perceive that I have wasted your time as I genuinely wanted resolve these
ongoing conflicts as a member of OWASP.

---------- Forwarded message ----------
From: Christian Heinrich <christian.heinrich at cmlh.id.au>
Date: Thu, Jan 23, 2014 at 10:38 AM
To: Eoin <eoin.keary at owasp.org>


On Wed, Jan 22, 2014 at 8:44 PM, Eoin <eoin.keary at owasp.org> wrote:
> I apologize for referring to you as an "empty vessel" 3.5 years ago, I may
> of been fooled by the others, which was their intention, that you were the
> bad guy.

I accept your apology and want to apologies for my own retaliatory
behaviour towards you.

You are more than welcome to share this e-mail with the rest of the OWASP

Christian Heinrich

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/governance/attachments/20140221/a9342bce/attachment.html>

More information about the Governance mailing list