[Governance] Termination - Request for Artifact(s)

Christian Heinrich christian.heinrich at cmlh.id.au
Sun Feb 23 00:56:22 UTC 2014


As you have cited "Open in OWASP" can you please release to me:
1. A list of the people that you spoke to (without my knowledge or
2. Read only access to the audio recording and written statements of
Brad Causey, Chris Gatford, Jason Li, Dinis Cruz and all other people
provided in 1. above?

The above is to ensure fairness related to:
1. http://en.wikipedia.org/wiki/Witness_impeachment and;
2. Your [Josh] own concern related to accusations of character
assassination within OWASP in the past.

For the record I have made the above request in the past which you
[Josh] outright refused.  Yet you [Josh] have requested to release the
recording of the conference calls with me and also claimed to have
"nothing to hide".

You [Josh] admit below that these "questions" are ambiguous and
intended to elect a free flowing discussion (not a yes/no response) to
capture a much greater scope then what you claimed was a possible
agenda prior to the conference call.  Some of your statements are
wrong and/or not based on fact either.   You never asked me these
questions during the conference call and neither was I unable to
reject them as you would have terminated the call.

Based on http://lists.owasp.org/pipermail/owasp-board/2014-February/013230.html
the OWASP Board has once again undertaken a "short cut" and will
mislead the OWASP Leaders that a vote was held for my membership
reinstatement and have deliberately sought to have me removed
permanently from OWASP with the creation of "new" conditions intended
to be enforced against me retrospectively and ongoing without prior
notice or warning.

I would recommend you, as an OWASP Board Member, desist from posting
further threats and comment on the governance mailing list as their
sole purpose is entrapment and to influence public opinion against me,
including the independent audit of the lack of due process related to
my termination, by inferring that I am unreasonable and have something
to hide.

I seek the path of lest resistance in resolving this dispute with the
OWASP Board and a positive outcome for all involved.

On Sat, Feb 22, 2014 at 5:42 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
> Christian,
>> "You are more than welcome to schedule an interview for on the record
>> comment provided a list of question are agreed upon beforehand?"
> This was the exact purpose of these two previous interviews.  I'm not sure
> what you thought the point of it was if it was not on the record.  I
> certainly would not want to waste my time with a conversation that would
> serve no purpose.  I could not possibly "induce" an audio interview that you
> requested, and attended, knowing in advance that I had scheduled it via
> GoToMeeting with the intent of recording it for our records as well as
> yours.  To support this:
>> "Not following the "O" in "OWASP" has bit us many times in the past and in
>> a situation like this where claims have been made around character
>> assassination, I feel quite strongly that all of these discussions should
>> take place on record."
>> (http://lists.owasp.org/pipermail/owasp-board/2014-January/012946.html)
>> My statement about a public call was not a joke.  It was based on your
>> request that this discussion be held in the light.  I can't speak for how
>> the Board has done things in the past, but unless you specifically desire to
>> have the discussions private, then I believe they shouldn't be.  My actions
>> as a Board member should be performed in full view of the members who
>> elected me.  Because of this, I have waived my right to privacy on this
>> matter as well.  There is no alterior motive, only a desire for
>> transparency.
>> (http://lists.owasp.org/pipermail/owasp-board/2014-January/013009.html)
> And this from you, but it was not sent to the mailing list.  That said, all
> of the Board members plus Kate and Sarah received it:
>> I have no objection to recording the call provided I receive a list of
>> questions prior so there aren't any "surprises" related to entrapment. (Thu,
>> Jan 16, 2014 at 7:34 PM "Re: Fwd: Josh & Christian - Conference Call")
> You agreed to the call and you agreed to the recording.  It was only once
> you got on the call that you cited "inducement" and I offered to terminate
> the call at that point.
> Your statement that you were not provided a list of questions is just
> straight up lies and I'm going to call you on that as well.  I made several
> attempts to allow you to generate the list of questions yourself due to your
> threats of entrapment.
>> "I certainly would hate to be accused of entrapment.  That said, I want to
>> ensure that you have the opportunity to speak your mind and worry that I may
>> not ask the right questions for you to do so.  Perhaps it would make sense
>> if you wrote down some questions for me to consider?  I could tailor them a
>> bit if necessary (and will provide in advance of course) but it would both
>> save me time in generating them myself and ensures that you have the
>> opportunity to say what you need to say.  I will warn, however, that our
>> conversation loses its candidness with this approach and it really becomes
>> more like me taking a prepared statement rather than having a conversation.
>> But I would like to hear what you have to say, so if that's what you're
>> comfortable with, it works for me." (Thu, Jan 16, 2014 at 9:55 PM "Re: Fwd:
>> Josh & Christian - Conference Call")
> When you failed to generate the list of questions, I responded as follows:
>> I would gladly hear your views on the Google Hacking inquiry and any
>> assertions you have as to why the information in it may be inaccurate and/or
>> the penalty unjust.  I would gladly hear your views on why you feel that
>> your suspension ultimately turned into a full membership revocation.  I
>> would gladly hear your views on why you feel that the membership revocation
>> has lasted as long as it has.  More importantly, I would gladly hear your
>> views on why you feel that the membership revocation should be lifted and
>> your membership reinstated.  I would like to hear your views on the
>> rationale behind the recent commotion on the mailing lists and private
>> communications and why this is different from the activity which got your
>> membership revoked previously.  And most important in my mind, I would like
>> to hear your views on your intent should your membership me reinstated.  The
>> Board reinstating your membership is equivalent to OWASP forgiving any past
>> actions and is a statement that we are willing to move forward with you as
>> part of the organization.  Are you willing and able to do the same?  Those
>> are the questions that you should expect from me on the call since you do
>> not seem interested in taking me up on my offer to allow you to generate the
>> questions yourself.  (Sun, Jan 19, 2014 at 3:15 AM "Re: Fwd: Josh &
>> Christian - Conference Call")
> The questions for the second call were even more explicit:
>> "the following are the questions and topics that I would like to
>> ask/discuss during our call later this week:
>> 1) The original finding from the Google Hacking Inquiry was only that you
>> had not published your source code.  The consequence, as determined by the
>> Board, was a 3 month suspension of your OWASP membership.  Can you please
>> tell me why you feel that the original 3 month suspension turned into a full
>> membership revocation?
>> 2) I believe the original revocation was supposed to have been for a two
>> year term which would have ended several years ago.  Did you ask to have
>> your membership reinstated?  Why do you feel that the revocation is still in
>> place after that original revocation was up?
>> 3) Even recently there have been negative communications from yourself to
>> OWASP members both via the mailing list and in private.  Can you please
>> explain your reasoning behind these negative communications?
>> 4) You have requested of the Board to reinstate your OWASP membership.
>> Can you please explain why you feel that the membership revocation should be
>> lifted and your OWASP membership be reinstated?
>> 5) Can you please tell me what your intent would be if the Board were to
>> rule in favor of having your membership reinstated?  Would you participate
>> in OWASP as a positive contributor?  Would you be willing to lay aside any
>> negative feelings and abide by the OWASP Code of Ethics?"  (Wed, Jan 29,
>> 2014 at 2:55 PM "Topics of Discussion for This Weeks Call")
> Your requests to assist you are just attempts to draw OWASP into your own
> personal grudges with others.  The OWASP Board has no place in helping you
> do whatever it is you think you're doing with these people and it is
> completely out of the scope of your request for reinstatement, which you
> have now requested us to drop.
> I have absolutely nothing to hide and my e-mails above show that I have made
> every attempt to make my communications with you completely transparent.  It
> is you, Sir, that has requested that certain records not be released in
> public.  If anyone is trying to hide something, it is you.
> I support 100% whatever Martin would like to do here.  If that means taking
> an independent inquiry, I am quite confident that he will come to the same
> conclusions that everyone else has come to.
> I find it repulsive that you say that the Board is taking shortcuts on this.
> I have spoken with over a dozen people related to you and your behavior.  I
> have requested now, three times, the names and contact information for those
> you would like me to speak who support you, and you continue to ignore the
> request.  Just because I have refused to involve myself or the Board in your
> personal grudges, does not mean that we've taken the shortcut.  It means
> that I recognize that the scope of our engagement was the Google Hacking
> Inquiry and your request for reinstatement.  Everything else is simply your
> attempt to waste time and deflect attention to others instead of yourself.
> Given what I've stated above, let me be clear.  You have now elected to take
> two shots at my integrity when I have been completely open about everything
> here.  I no longer have the time to engage you in these discussions as they
> are no longer productive and have again gone negative.  I'm going to ask you
> to please deal directly with Martin going forward as I no longer feel that I
> can remain unbiased in this matter.  You've now taken two shots at my
> integrity.  If you do it again, I would be happy to release all records of
> our communications to the public as I have absolutely nothing to hide.  It
> is you that has asked for them not to be shared.

Christian Heinrich


More information about the Governance mailing list