[Governance] Termination - Request for Artifact(s)

Dennis Groves dennis.groves at owasp.org
Sun Feb 23 05:30:16 UTC 2014

Let me clarify my writing also:

I said "When I founded OWASP" however, this was a figure of speech - to be
very, very clear I alone did not found OWASP!
Mark Curphey & Myself along with *many, many* others worked together to
bring it into existence (apologies to the many unnamed who participated).


On Sun, Feb 23, 2014 at 8:26 AM, Dennis Groves <dennis.groves at owasp.org>wrote:

> The "O" in open as I intended it at the founding - was "O" Open
> Consumption = eg anybody may consume owasp materials without restriction.
> It was also "O" open as in governing transparency because I believe that
> opacity is a necessary condition for corruption; thus transparency is the
> most efficacious treatment against corruption.
> It was not "O" open to participate, "O" open to lead. At least not in the
> way that I perceive people talking about it.
> Mark and I would "weed the garden" of participants in the early days from
> people who caused allergic reactions within the community...
> We need capable leaders with a vision who can rally the community around
> that vision and those whom rise to that challenge have a duty of
> transparency as their influence becomes governance.
> This is similar to the idea of  'soft-security' on a wiki. If the
> community has an allergic reaction to you Christian - there is nothing I
> nor anybody other than you can do about it. You alone must choose to comply
> or not with the community wishes. You are still free to consume OWASP
> publications and projects.
> I find this all to be a very disturbing and unfortunate series of
> miss-communications and escalations that have oscillated to the point where
> an alternative steady state has already been reached.
> Cheers,
> Dennis
> On Sun, Feb 23, 2014 at 3:56 AM, Christian Heinrich <
> christian.heinrich at cmlh.id.au> wrote:
>> Josh,
>> As you have cited "Open in OWASP" can you please release to me:
>> 1. A list of the people that you spoke to (without my knowledge or
>> authorisation).
>> 2. Read only access to the audio recording and written statements of
>> Brad Causey, Chris Gatford, Jason Li, Dinis Cruz and all other people
>> provided in 1. above?
>> The above is to ensure fairness related to:
>> 1. http://en.wikipedia.org/wiki/Witness_impeachment and;
>> 2. Your [Josh] own concern related to accusations of character
>> assassination within OWASP in the past.
>> For the record I have made the above request in the past which you
>> [Josh] outright refused.  Yet you [Josh] have requested to release the
>> recording of the conference calls with me and also claimed to have
>> "nothing to hide".
>> You [Josh] admit below that these "questions" are ambiguous and
>> intended to elect a free flowing discussion (not a yes/no response) to
>> capture a much greater scope then what you claimed was a possible
>> agenda prior to the conference call.  Some of your statements are
>> wrong and/or not based on fact either.   You never asked me these
>> questions during the conference call and neither was I unable to
>> reject them as you would have terminated the call.
>> Based on
>> http://lists.owasp.org/pipermail/owasp-board/2014-February/013230.html
>> the OWASP Board has once again undertaken a "short cut" and will
>> mislead the OWASP Leaders that a vote was held for my membership
>> reinstatement and have deliberately sought to have me removed
>> permanently from OWASP with the creation of "new" conditions intended
>> to be enforced against me retrospectively and ongoing without prior
>> notice or warning.
>> I would recommend you, as an OWASP Board Member, desist from posting
>> further threats and comment on the governance mailing list as their
>> sole purpose is entrapment and to influence public opinion against me,
>> including the independent audit of the lack of due process related to
>> my termination, by inferring that I am unreasonable and have something
>> to hide.
>> I seek the path of lest resistance in resolving this dispute with the
>> OWASP Board and a positive outcome for all involved.
>> On Sat, Feb 22, 2014 at 5:42 PM, Josh Sokol <josh.sokol at owasp.org> wrote:
>> > Christian,
>> >
>> >> "You are more than welcome to schedule an interview for on the record
>> >> comment provided a list of question are agreed upon beforehand?"
>> >
>> >
>> > This was the exact purpose of these two previous interviews.  I'm not
>> sure
>> > what you thought the point of it was if it was not on the record.  I
>> > certainly would not want to waste my time with a conversation that would
>> > serve no purpose.  I could not possibly "induce" an audio interview
>> that you
>> > requested, and attended, knowing in advance that I had scheduled it via
>> > GoToMeeting with the intent of recording it for our records as well as
>> > yours.  To support this:
>> >
>> >> "Not following the "O" in "OWASP" has bit us many times in the past
>> and in
>> >> a situation like this where claims have been made around character
>> >> assassination, I feel quite strongly that all of these discussions
>> should
>> >> take place on record."
>> >> (http://lists.owasp.org/pipermail/owasp-board/2014-January/012946.html
>> )
>> >
>> >
>> > AND
>> >
>> >> My statement about a public call was not a joke.  It was based on your
>> >> request that this discussion be held in the light.  I can't speak for
>> how
>> >> the Board has done things in the past, but unless you specifically
>> desire to
>> >> have the discussions private, then I believe they shouldn't be.  My
>> actions
>> >> as a Board member should be performed in full view of the members who
>> >> elected me.  Because of this, I have waived my right to privacy on this
>> >> matter as well.  There is no alterior motive, only a desire for
>> >> transparency.
>> >> (http://lists.owasp.org/pipermail/owasp-board/2014-January/013009.html
>> )
>> >
>> >
>> > And this from you, but it was not sent to the mailing list.  That said,
>> all
>> > of the Board members plus Kate and Sarah received it:
>> >
>> >> I have no objection to recording the call provided I receive a list of
>> >> questions prior so there aren't any "surprises" related to entrapment.
>> (Thu,
>> >> Jan 16, 2014 at 7:34 PM "Re: Fwd: Josh & Christian - Conference Call")
>> >
>> >
>> > You agreed to the call and you agreed to the recording.  It was only
>> once
>> > you got on the call that you cited "inducement" and I offered to
>> terminate
>> > the call at that point.
>> >
>> > Your statement that you were not provided a list of questions is just
>> > straight up lies and I'm going to call you on that as well.  I made
>> several
>> > attempts to allow you to generate the list of questions yourself due to
>> your
>> > threats of entrapment.
>> >
>> >> "I certainly would hate to be accused of entrapment.  That said, I
>> want to
>> >> ensure that you have the opportunity to speak your mind and worry that
>> I may
>> >> not ask the right questions for you to do so.  Perhaps it would make
>> sense
>> >> if you wrote down some questions for me to consider?  I could tailor
>> them a
>> >> bit if necessary (and will provide in advance of course) but it would
>> both
>> >> save me time in generating them myself and ensures that you have the
>> >> opportunity to say what you need to say.  I will warn, however, that
>> our
>> >> conversation loses its candidness with this approach and it really
>> becomes
>> >> more like me taking a prepared statement rather than having a
>> conversation.
>> >> But I would like to hear what you have to say, so if that's what you're
>> >> comfortable with, it works for me." (Thu, Jan 16, 2014 at 9:55 PM "Re:
>> Fwd:
>> >> Josh & Christian - Conference Call")
>> >
>> >
>> > When you failed to generate the list of questions, I responded as
>> follows:
>> >
>> >> I would gladly hear your views on the Google Hacking inquiry and any
>> >> assertions you have as to why the information in it may be inaccurate
>> and/or
>> >> the penalty unjust.  I would gladly hear your views on why you feel
>> that
>> >> your suspension ultimately turned into a full membership revocation.  I
>> >> would gladly hear your views on why you feel that the membership
>> revocation
>> >> has lasted as long as it has.  More importantly, I would gladly hear
>> your
>> >> views on why you feel that the membership revocation should be lifted
>> and
>> >> your membership reinstated.  I would like to hear your views on the
>> >> rationale behind the recent commotion on the mailing lists and private
>> >> communications and why this is different from the activity which got
>> your
>> >> membership revoked previously.  And most important in my mind, I would
>> like
>> >> to hear your views on your intent should your membership me
>> reinstated.  The
>> >> Board reinstating your membership is equivalent to OWASP forgiving any
>> past
>> >> actions and is a statement that we are willing to move forward with
>> you as
>> >> part of the organization.  Are you willing and able to do the same?
>>  Those
>> >> are the questions that you should expect from me on the call since you
>> do
>> >> not seem interested in taking me up on my offer to allow you to
>> generate the
>> >> questions yourself.  (Sun, Jan 19, 2014 at 3:15 AM "Re: Fwd: Josh &
>> >> Christian - Conference Call")
>> >
>> >
>> > The questions for the second call were even more explicit:
>> >
>> >> "the following are the questions and topics that I would like to
>> >> ask/discuss during our call later this week:
>> >>
>> >> 1) The original finding from the Google Hacking Inquiry was only that
>> you
>> >> had not published your source code.  The consequence, as determined by
>> the
>> >> Board, was a 3 month suspension of your OWASP membership.  Can you
>> please
>> >> tell me why you feel that the original 3 month suspension turned into
>> a full
>> >> membership revocation?
>> >>
>> >> 2) I believe the original revocation was supposed to have been for a
>> two
>> >> year term which would have ended several years ago.  Did you ask to
>> have
>> >> your membership reinstated?  Why do you feel that the revocation is
>> still in
>> >> place after that original revocation was up?
>> >>
>> >> 3) Even recently there have been negative communications from yourself
>> to
>> >> OWASP members both via the mailing list and in private.  Can you please
>> >> explain your reasoning behind these negative communications?
>> >>
>> >> 4) You have requested of the Board to reinstate your OWASP membership.
>> >> Can you please explain why you feel that the membership revocation
>> should be
>> >> lifted and your OWASP membership be reinstated?
>> >>
>> >> 5) Can you please tell me what your intent would be if the Board were
>> to
>> >> rule in favor of having your membership reinstated?  Would you
>> participate
>> >> in OWASP as a positive contributor?  Would you be willing to lay aside
>> any
>> >> negative feelings and abide by the OWASP Code of Ethics?"  (Wed, Jan
>> 29,
>> >> 2014 at 2:55 PM "Topics of Discussion for This Weeks Call")
>> >
>> >
>> > Your requests to assist you are just attempts to draw OWASP into your
>> own
>> > personal grudges with others.  The OWASP Board has no place in helping
>> you
>> > do whatever it is you think you're doing with these people and it is
>> > completely out of the scope of your request for reinstatement, which you
>> > have now requested us to drop.
>> >
>> > I have absolutely nothing to hide and my e-mails above show that I have
>> made
>> > every attempt to make my communications with you completely
>> transparent.  It
>> > is you, Sir, that has requested that certain records not be released in
>> > public.  If anyone is trying to hide something, it is you.
>> >
>> > I support 100% whatever Martin would like to do here.  If that means
>> taking
>> > an independent inquiry, I am quite confident that he will come to the
>> same
>> > conclusions that everyone else has come to.
>> >
>> > I find it repulsive that you say that the Board is taking shortcuts on
>> this.
>> > I have spoken with over a dozen people related to you and your
>> behavior.  I
>> > have requested now, three times, the names and contact information for
>> those
>> > you would like me to speak who support you, and you continue to ignore
>> the
>> > request.  Just because I have refused to involve myself or the Board in
>> your
>> > personal grudges, does not mean that we've taken the shortcut.  It means
>> > that I recognize that the scope of our engagement was the Google Hacking
>> > Inquiry and your request for reinstatement.  Everything else is simply
>> your
>> > attempt to waste time and deflect attention to others instead of
>> yourself.
>> >
>> > Given what I've stated above, let me be clear.  You have now elected to
>> take
>> > two shots at my integrity when I have been completely open about
>> everything
>> > here.  I no longer have the time to engage you in these discussions as
>> they
>> > are no longer productive and have again gone negative.  I'm going to
>> ask you
>> > to please deal directly with Martin going forward as I no longer feel
>> that I
>> > can remain unbiased in this matter.  You've now taken two shots at my
>> > integrity.  If you do it again, I would be happy to release all records
>> of
>> > our communications to the public as I have absolutely nothing to hide.
>>  It
>> > is you that has asked for them not to be shared.
>> --
>> Regards,
>> Christian Heinrich
>> http://cmlh.id.au/contact
>> _______________________________________________
>> Governance mailing list
>> Governance at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/governance
> --
> Dennis Groves <http://about.me/dennis.groves>, MSc
> Email me, <dennis.groves at owasp.org> or schedule a meeting<http://goo.gl/8sPIy>
> .
> *This email is licensed under a CC BY-ND 3.0
> <http://creativecommons.org/licenses/by-nd/3.0/deed.en_GB> license.*
> Stand up for your freedom to install free software.<http://www.fsf.org/campaigns/secure-boot/statement>
> Please do not send me Microsoft Office/Apple iWork documents.
> Send OpenDocument <http://fsf.org/campaigns/opendocument/> instead!
> <http://www.owasp.org/>

Dennis Groves <http://about.me/dennis.groves>, MSc
Email me, <dennis.groves at owasp.org> or schedule a meeting<http://goo.gl/8sPIy>
*This email is licensed under a CC BY-ND 3.0
<http://creativecommons.org/licenses/by-nd/3.0/deed.en_GB> license.*
Stand up for your freedom to install free
Please do not send me Microsoft Office/Apple iWork documents.
Send OpenDocument <http://fsf.org/campaigns/opendocument/> instead!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/governance/attachments/20140223/285e1da7/attachment-0001.html>

More information about the Governance mailing list