[Governance] Termination - Request for Artifact(s)

Josh Sokol josh.sokol at owasp.org
Sun Feb 23 01:45:24 UTC 2014


Unfortunately, while the "O" in OWASP most certainly applies to me, others
have a right to their own privacy and it is not my place to invade upon
it.  Just as I have continued to allow you to hold the decision on whether
your evidence is made public, I will do the same for the others who have
come forth.  The communications have been forwarded along to the Board for
review with their approval, but it was specifically requested that this not
become a matter of public record out of fear of retaliation by you.  Given
your past tendencies to attack those who disagree with you, I believe this
is a legitimate concern.  Yes, you have made this request in the past, and
yes, I refuse your request yet again on the grounds that providing you with
this material will lead to you attacking those who have specifically asked
not to be identified.  I would, however, be happy to provide this
documentation to Martin if he so desires.

Christian, if I could summarize your "situation" into a series of yes/no
questions, I most certainly would.  Unfortunately, you are the single most
complicated person I have ever come across.  That said, I did give you the
opportunity to generate your own questions and you elected not do so.  If
you wanted yes/no questions you could have had them.  That is your fault,
not mine.  Are you saying that the questions which I copied and pasted
verbatum from my e-mail are not the questions that I asked you?  Here is my
"script" that I used for our conversation:


Now, I will say that I felt that you sufficiently answered some questions
without me asking them so I opted to move on, but this is EXACTLY what we
covered.  Any place in our conversation where you stated something was
either in direct response to my question or of your own volition.  I have
nothing to hide and have stated that I am more than happy to release our
conversations to the public to decide.

As for
this will not be applied to you retroactively.  This is meant to ensure
that we do not have this same situation occur again in the future.  For
you, Christian, our policy states "A revoked member will not be allowed to
reapply for membership for a period not less than 24 months. The revoked
member has the option to then reapply for membership with reinstatement
pending approval by the board."  The Board has neither approved nor denied
your request for reinstatement at this time.  At this time, you have
rescinded your request for reinstatement so there is nothing for us to
discuss here.


On Sat, Feb 22, 2014 at 6:56 PM, Christian Heinrich <
christian.heinrich at cmlh.id.au> wrote:

> Josh,
> As you have cited "Open in OWASP" can you please release to me:
> 1. A list of the people that you spoke to (without my knowledge or
> authorisation).
> 2. Read only access to the audio recording and written statements of
> Brad Causey, Chris Gatford, Jason Li, Dinis Cruz and all other people
> provided in 1. above?
> The above is to ensure fairness related to:
> 1. http://en.wikipedia.org/wiki/Witness_impeachment and;
> 2. Your [Josh] own concern related to accusations of character
> assassination within OWASP in the past.
> For the record I have made the above request in the past which you
> [Josh] outright refused.  Yet you [Josh] have requested to release the
> recording of the conference calls with me and also claimed to have
> "nothing to hide".
> You [Josh] admit below that these "questions" are ambiguous and
> intended to elect a free flowing discussion (not a yes/no response) to
> capture a much greater scope then what you claimed was a possible
> agenda prior to the conference call.  Some of your statements are
> wrong and/or not based on fact either.   You never asked me these
> questions during the conference call and neither was I unable to
> reject them as you would have terminated the call.
> Based on
> http://lists.owasp.org/pipermail/owasp-board/2014-February/013230.html
> the OWASP Board has once again undertaken a "short cut" and will
> mislead the OWASP Leaders that a vote was held for my membership
> reinstatement and have deliberately sought to have me removed
> permanently from OWASP with the creation of "new" conditions intended
> to be enforced against me retrospectively and ongoing without prior
> notice or warning.
> I would recommend you, as an OWASP Board Member, desist from posting
> further threats and comment on the governance mailing list as their
> sole purpose is entrapment and to influence public opinion against me,
> including the independent audit of the lack of due process related to
> my termination, by inferring that I am unreasonable and have something
> to hide.
> I seek the path of lest resistance in resolving this dispute with the
> OWASP Board and a positive outcome for all involved.
> On Sat, Feb 22, 2014 at 5:42 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
> > Christian,
> >
> >> "You are more than welcome to schedule an interview for on the record
> >> comment provided a list of question are agreed upon beforehand?"
> >
> >
> > This was the exact purpose of these two previous interviews.  I'm not
> sure
> > what you thought the point of it was if it was not on the record.  I
> > certainly would not want to waste my time with a conversation that would
> > serve no purpose.  I could not possibly "induce" an audio interview that
> you
> > requested, and attended, knowing in advance that I had scheduled it via
> > GoToMeeting with the intent of recording it for our records as well as
> > yours.  To support this:
> >
> >> "Not following the "O" in "OWASP" has bit us many times in the past and
> in
> >> a situation like this where claims have been made around character
> >> assassination, I feel quite strongly that all of these discussions
> should
> >> take place on record."
> >> (http://lists.owasp.org/pipermail/owasp-board/2014-January/012946.html)
> >
> >
> > AND
> >
> >> My statement about a public call was not a joke.  It was based on your
> >> request that this discussion be held in the light.  I can't speak for
> how
> >> the Board has done things in the past, but unless you specifically
> desire to
> >> have the discussions private, then I believe they shouldn't be.  My
> actions
> >> as a Board member should be performed in full view of the members who
> >> elected me.  Because of this, I have waived my right to privacy on this
> >> matter as well.  There is no alterior motive, only a desire for
> >> transparency.
> >> (http://lists.owasp.org/pipermail/owasp-board/2014-January/013009.html)
> >
> >
> > And this from you, but it was not sent to the mailing list.  That said,
> all
> > of the Board members plus Kate and Sarah received it:
> >
> >> I have no objection to recording the call provided I receive a list of
> >> questions prior so there aren't any "surprises" related to entrapment.
> (Thu,
> >> Jan 16, 2014 at 7:34 PM "Re: Fwd: Josh & Christian - Conference Call")
> >
> >
> > You agreed to the call and you agreed to the recording.  It was only once
> > you got on the call that you cited "inducement" and I offered to
> terminate
> > the call at that point.
> >
> > Your statement that you were not provided a list of questions is just
> > straight up lies and I'm going to call you on that as well.  I made
> several
> > attempts to allow you to generate the list of questions yourself due to
> your
> > threats of entrapment.
> >
> >> "I certainly would hate to be accused of entrapment.  That said, I want
> to
> >> ensure that you have the opportunity to speak your mind and worry that
> I may
> >> not ask the right questions for you to do so.  Perhaps it would make
> sense
> >> if you wrote down some questions for me to consider?  I could tailor
> them a
> >> bit if necessary (and will provide in advance of course) but it would
> both
> >> save me time in generating them myself and ensures that you have the
> >> opportunity to say what you need to say.  I will warn, however, that our
> >> conversation loses its candidness with this approach and it really
> becomes
> >> more like me taking a prepared statement rather than having a
> conversation.
> >> But I would like to hear what you have to say, so if that's what you're
> >> comfortable with, it works for me." (Thu, Jan 16, 2014 at 9:55 PM "Re:
> Fwd:
> >> Josh & Christian - Conference Call")
> >
> >
> > When you failed to generate the list of questions, I responded as
> follows:
> >
> >> I would gladly hear your views on the Google Hacking inquiry and any
> >> assertions you have as to why the information in it may be inaccurate
> and/or
> >> the penalty unjust.  I would gladly hear your views on why you feel that
> >> your suspension ultimately turned into a full membership revocation.  I
> >> would gladly hear your views on why you feel that the membership
> revocation
> >> has lasted as long as it has.  More importantly, I would gladly hear
> your
> >> views on why you feel that the membership revocation should be lifted
> and
> >> your membership reinstated.  I would like to hear your views on the
> >> rationale behind the recent commotion on the mailing lists and private
> >> communications and why this is different from the activity which got
> your
> >> membership revoked previously.  And most important in my mind, I would
> like
> >> to hear your views on your intent should your membership me reinstated.
>  The
> >> Board reinstating your membership is equivalent to OWASP forgiving any
> past
> >> actions and is a statement that we are willing to move forward with you
> as
> >> part of the organization.  Are you willing and able to do the same?
>  Those
> >> are the questions that you should expect from me on the call since you
> do
> >> not seem interested in taking me up on my offer to allow you to
> generate the
> >> questions yourself.  (Sun, Jan 19, 2014 at 3:15 AM "Re: Fwd: Josh &
> >> Christian - Conference Call")
> >
> >
> > The questions for the second call were even more explicit:
> >
> >> "the following are the questions and topics that I would like to
> >> ask/discuss during our call later this week:
> >>
> >> 1) The original finding from the Google Hacking Inquiry was only that
> you
> >> had not published your source code.  The consequence, as determined by
> the
> >> Board, was a 3 month suspension of your OWASP membership.  Can you
> please
> >> tell me why you feel that the original 3 month suspension turned into a
> full
> >> membership revocation?
> >>
> >> 2) I believe the original revocation was supposed to have been for a two
> >> year term which would have ended several years ago.  Did you ask to have
> >> your membership reinstated?  Why do you feel that the revocation is
> still in
> >> place after that original revocation was up?
> >>
> >> 3) Even recently there have been negative communications from yourself
> to
> >> OWASP members both via the mailing list and in private.  Can you please
> >> explain your reasoning behind these negative communications?
> >>
> >> 4) You have requested of the Board to reinstate your OWASP membership.
> >> Can you please explain why you feel that the membership revocation
> should be
> >> lifted and your OWASP membership be reinstated?
> >>
> >> 5) Can you please tell me what your intent would be if the Board were to
> >> rule in favor of having your membership reinstated?  Would you
> participate
> >> in OWASP as a positive contributor?  Would you be willing to lay aside
> any
> >> negative feelings and abide by the OWASP Code of Ethics?"  (Wed, Jan 29,
> >> 2014 at 2:55 PM "Topics of Discussion for This Weeks Call")
> >
> >
> > Your requests to assist you are just attempts to draw OWASP into your own
> > personal grudges with others.  The OWASP Board has no place in helping
> you
> > do whatever it is you think you're doing with these people and it is
> > completely out of the scope of your request for reinstatement, which you
> > have now requested us to drop.
> >
> > I have absolutely nothing to hide and my e-mails above show that I have
> made
> > every attempt to make my communications with you completely transparent.
>  It
> > is you, Sir, that has requested that certain records not be released in
> > public.  If anyone is trying to hide something, it is you.
> >
> > I support 100% whatever Martin would like to do here.  If that means
> taking
> > an independent inquiry, I am quite confident that he will come to the
> same
> > conclusions that everyone else has come to.
> >
> > I find it repulsive that you say that the Board is taking shortcuts on
> this.
> > I have spoken with over a dozen people related to you and your behavior.
>  I
> > have requested now, three times, the names and contact information for
> those
> > you would like me to speak who support you, and you continue to ignore
> the
> > request.  Just because I have refused to involve myself or the Board in
> your
> > personal grudges, does not mean that we've taken the shortcut.  It means
> > that I recognize that the scope of our engagement was the Google Hacking
> > Inquiry and your request for reinstatement.  Everything else is simply
> your
> > attempt to waste time and deflect attention to others instead of
> yourself.
> >
> > Given what I've stated above, let me be clear.  You have now elected to
> take
> > two shots at my integrity when I have been completely open about
> everything
> > here.  I no longer have the time to engage you in these discussions as
> they
> > are no longer productive and have again gone negative.  I'm going to ask
> you
> > to please deal directly with Martin going forward as I no longer feel
> that I
> > can remain unbiased in this matter.  You've now taken two shots at my
> > integrity.  If you do it again, I would be happy to release all records
> of
> > our communications to the public as I have absolutely nothing to hide.
>  It
> > is you that has asked for them not to be shared.
> --
> Regards,
> Christian Heinrich
> http://cmlh.id.au/contact
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/governance/attachments/20140222/bba59aa6/attachment-0001.html>

More information about the Governance mailing list