[Governance] Fwd: Termination - Request for Artifact(s)

Christian Heinrich christian.heinrich at cmlh.id.au
Sat Feb 22 01:32:07 UTC 2014

Josh CC Martin,

On Sat, Feb 22, 2014 at 3:20 AM, Josh Sokol <josh.sokol at owasp.org> wrote:
> I will caveat this with "I'm not a lawyer", but the US Internal Revenue
> of 1986 Section 501 (http://www.law.cornell.edu/uscode/text/26/501) having
> to do with not for profit corporations does not specify anything having to
> do with termination of membership.  In the US, where no Federal law
> we would then look to the state of incorporation which I believe is
> in the case of the OWASP Foundation.  Unfortunately, I was unable to find
> the law relating to non-profit corporations in the state of Maryland, but
> you are more than welcome to do that research yourself.  I was, however,
> able to find examples in other states, such as Pennsylvania
> (
> where it says that the act of termination, as well as the method of trial
> and conviction, is subject to the organization's Bylaws.  I do not see any
> stipulations on timing of the Bylaw modifications vs the act of
> so one would assume that as long as they were each handled according to
> organization's process (as prescribed in the Bylaws), then I'm not sure
> there's any issues there from a legal standpoint.  Again, not a lawyer, so
> feel free to consult with one if you so choose.

The contention is that the agenda was amended the day *after* the OWASP
Board Meeting was held as proven within

My recommended course of action for Martin would be seek when *the period
from when the agreed agenda is published prior OWASP Board Meeting* being
held since "*It is a requirement as a board member to fully read all
material prior to the start of the meeting*" as documented in the published
agenda of other OWASP Board Meetings?

This shows the OWASP Board did not uphold their core values related to
transparency as the agenda was modified during the OWASP Board Meeting in
order to fast track the ratification of the termination bylaw in which to
terminate my membership without a due process at the same OWASP Board
Meeting and neither did I receive any prior notification in which to
participate in the OWASP Board Meeting dated 9 January 2012.

I believe we have reached agreement that the suspension dated 8 September
2010 is *not* in the ratified bylaws dated 15 March 2004 (over 6 years
prior) and 23 June 2011 (more than one year later) and it has never been
disputed that *this suspension was illegal as it was not defined within the

The relevant artefacts supporting the above are:
2. https://www.owasp.org/index.php/OWASP_Foundation_ByLaws

On Sat, Feb 22, 2014 at 3:20 AM, Josh Sokol <josh.sokol at owasp.org> wrote:
> The fact is that no one OWASP Board member holds all of the power.  In
> they currently old 1/7th of the power.  Michael may have the tie-breaking
> vote in cases where we are otherwise deadlocked, but under no circumstance
> would his vote alone affect the Board's decisions.

During the "appeal" conference call *Dave Wichers states that there will be
no "revote" taken* around the ~49:30 mark.

Neither is voting on the "appeal" documented within
https://www.owasp.org/index.php/February_6,_2012 or the voting archive.  It
appears the vote was taken well before the next OWASP Board Meeting as per
the e-mail quoted below:

On Sat, Feb 4, 2012 at 11:18 AM, Michael Coates <michael.coates at owasp.org>
*The board has reviewed the information you provided during
your appeal call. After discussion and consideration the board has decided
to uphold our original decision.  Therefore, it is now finalized that your
OWASP membership has been revoked.*

Martin's action item is confirm the above?

On Sat, Feb 22, 2014 at 3:20 AM, Josh Sokol <josh.sokol at owasp.org> wrote:
> As for my request to obtain evidence on the Board list, I will state, on
> record, that Michael has been working behind the scenes in order to
> aggregate this data.  There is a lot of it and it comes from many
> sources including mailing list communications, direct e-mail, interviews,
> and social media.  While the task is not yet complete, I believe he is
> putting forth a good faith effort to assemble what I had requested.
> Assuming that you still conclude with your prior request that you would
> all of this evidence made public, we will publish it all once complete.  I
> would kindly request that you go through both of our interviews in the
> meantime, and come back with the specific timings that you would like
> selectively removed because you did not want that information to be made
> public.  That's not to say that it won't be included in the Board's
> decision.  It will just not be allowed into the public record that you
> requested.  What do you believe is a reasonable timeframe for you to
> accomplish this task?

The core issue is that the *evidence should have been tendered before the
termination* and not after the decision.  This also leads to application of
bias as each person reinterprets prior communication that had no relevance
to the termination are now suddenly applicable to the events of that time.

I do not grant permission for the two interviews to be published to the
public record.  Neither was I ever informed that their distribution was for
the public record and *I requested that I *not* be recorded and any consent
given is inducement*.  You are more than welcome to schedule an interview
for on the record comment provided a list of question are agreed upon

My recommendation for Martin is to confirm the reason that *the OWASP Board
took no action against Chris Schmidt in relation to his personal attack
against Tom Ryan which is dated less than three months prior to my
termination* as a result of [Chris'] destructive behaviour within the

On Sat, Feb 22, 2014 at 3:20 AM, Josh Sokol <josh.sokol at owasp.org> wrote:
> To be clear, the documentation which Michael is aggregating supports the
> abusive behavior from you towards OWASP Board, staff, members, and
> as well as statements from others in the community who have experienced
> negativity from you.  It makes no determination on the Google Hacking
> Inquiry as the case is clearly closed there.  The resulting suspension was
> served, but additional behavioral issues forced the Board to revoke your
> membership.  The documentation will support that conclusion.

I believe that Martin will reach the same conclusion as Chris Schmidt and
Jim Manico that my behaviour is a direct result of the personal attacks
that were perpetuated by the OWASP Google Hacking Inquiry and this
resulting exclusion from OWASP and abuse from the greater security
community had continued well after the illegal suspension period had

I would welcome the recommendation on the owasp-board mailing list from Matt
 Tesauro in leading the *audit of the OWASP Google Hacking Inquiry* on
behalf of Martin.

Christian Heinrich

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/governance/attachments/20140222/633e09f8/attachment.html>

More information about the Governance mailing list