[Governance] My OWASP Membership

Josh Sokol josh.sokol at owasp.org
Fri Feb 21 05:11:30 UTC 2014


Christian,

I believe that you are correct in your assumption that if your membership
was reinstated, the Board would likely not assist you further in the
closure you seek.   We are not a judge or a jury.  We are a group of
volunteers focusing on the problem of application insecurity.  And yes, I
agree that any efforts to pursue others for the sake of closure would
likely put you on the other side of the OWASP Code of Ethics, resulting in
your termination yet again.  From your email, it sounds like your decision
is to rescind your request to have your membership reinstated, is that
correct?  I want to ensure that we are correctly interpreting what you are
saying here.  Thanks.
 On Feb 20, 2014 8:47 PM, "Christian Heinrich" <
christian.heinrich at cmlh.id.au> wrote:

> Josh and Tobias,
>
> I have attempted to resolve ongoing issues related to the OWASP Google
> Hacking Inquiry in a manner that has resulted in positive outcome, such as
> the acknowledgement from Eoin below, while in other cases this has resulted
> in a unintended outcome.
>
> The OWASP Board has made it quite clear that I will be held to a much
> higher standard than an unknown member of the public applying for
> membership or that of existing member who continue to flaunt the OWASP Code
> of Ethics for their own commercial gain.
>
> For the record, the intention of the OWASP Google Hacking Project was to
> demonstrate an innovative concept that I documented in the OWASP Testing
> Guide and I wanted to donate the PoC to OWASP also.
>
> I was invited to present at two conferences in North America within a two
> week period of the OWASP North American Conference and at another
> conference coinciding with the OWASP European Conference in Poland.  As I
> had never travelled to either the USA or Europe before and due to the
> popularity of another speaker who promoted a less innovative technique I
> was proud to represent OWASP at these events as everyone had made me feel
> welcome who I had met in Australia and in New York.
>
> My decisions during this time of leading my first OWASP Project were based
> solely on not intending to cause undue embarrassment to the Foundation and
> therefore my decisions were governed on taking the most conservative
> approach.  In hindsight a number of people who participated in the inquiry
> have admitted that they would have handled the incident differently and may
> have been different had I received the unintended complaint from Andre
> Ludwig in time but unfortunately I acknowledge that it is not possible to
> repair the damage to my relationship with OWASP.
>
> Therefore, I feel that if my membership is reinstated, which I have no
> expectation that it will, then the OWASP Board will not assist me further
> in seeking closure with particular former and current OWASP members as I
> will be censured in effect due to the OWASP Code of Ethics and therefore my
> core issues related to the inquiry into the OWASP Google Hacking Project
> will remain unresolved.
>
> Neither have the period related to my suspension or termination resulted
> in the resolution of the core issues related to the inquiry of the OWASP
> Google Hacking Project.
>
> I largely believe that people involved with OWASP have good intent as I
> had but my perception is now clouded with how I was treated during the
> OWASP Google Hacking Inquiry that was conducted without any due diligence
> or oversight yet resulted in proof of my good intention beyond a reasonable
> doubt.
>
> I feel the issues between OWASP and I have not been resolved simply due to
> the fact that I perceived differently now than I was prior to the OWASP
> Google Hacking Inquiry.  While I have attempted from time to time to
> contribute positively to OWASP since the inquiry I have considered this a
> burden rather than experience the enjoyment that I have when contributing
> to WASC, MITRE or BSIMM because someone within OWASP always has an agenda
> in supporting me.
>
> I would like to thank you both for your efforts and I apologies if you
> perceive that I have wasted your time as I genuinely wanted resolve these
> ongoing conflicts as a member of OWASP.
>
> ---------- Forwarded message ----------
> From: Christian Heinrich <christian.heinrich at cmlh.id.au>
> Date: Thu, Jan 23, 2014 at 10:38 AM
> To: Eoin <eoin.keary at owasp.org>
>
>
> Eoin,
>
> On Wed, Jan 22, 2014 at 8:44 PM, Eoin <eoin.keary at owasp.org> wrote:
> > I apologize for referring to you as an "empty vessel" 3.5 years ago, I
> may
> > of been fooled by the others, which was their intention, that you were
> the
> > bad guy.
>
> I accept your apology and want to apologies for my own retaliatory
> behaviour towards you.
>
> You are more than welcome to share this e-mail with the rest of the OWASP
> Board.
>
>
> --
> Regards,
> Christian Heinrich
>
> http://cmlh.id.au/contact
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/governance/attachments/20140220/a1c204be/attachment.html>


More information about the Governance mailing list