Michael Coates michael.coates at owasp.org
Mon Feb 24 07:36:51 UTC 2014

I think there is confusion over Martin's role. We have a whistle blower
policy (https://www.owasp.org/index.php/Governance/Whistleblower_Policy)
that is for a very specific purpose. Please read relevant documentation
about US law, non-profits and whistle blowers if you are interested in more

Martin is serving within the compliance officer role. His duties are also
documented in the OWASP whistle blower policy (
If a relevant item is brought to his attention he'll determine if it
qualifies as a relevant event, he'll investigate, and provide a report.

The compliance officer role is not a role that receives arbitrary requests,
such as a request to place conditions on board members or others in OWASP.
So, Christian, while you may disagree with the actions that someone has
taken, that does not mean you are able to insist Martin or others take any
actions that you request. Martin will operate within his compliance officer
role and not at the behest of any random requests from you.

Christian, I have a busy week with doing good for OWASP. If you have
legitimate questions I'll do my best to respond. However, if your response
to my email is aggressive or attacks me then it will have to wait until a
later time for a response.


Michael Coates

On Sun, Feb 23, 2014 at 9:17 PM, Christian Heinrich <
christian.heinrich at cmlh.id.au> wrote:

> Martin,
> I would like to bring to your attention the following statement made by
> Josh Sokol of *who did not seek my permission to contact Chris Gatford*:
> *---------- Forwarded message ----------*
> *From: Josh Sokol <josh.sokol at owasp.org>*
> *Date: Thu, Jan 30, 2014 at 7:55 AM*
> *Subject: Topics of Discussion for This Weeks Call*
> *To: "christian.heinrich at cmlh.id.au" <christian.heinrich at cmlh.id.au>*
> *[SNIP - Content Irrelevant]*
> *I want to call out a specific section of the OWASP Code of Ethics
> (https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project#Code_of_Ethics)
> that reads: "Treat everyone with respect and dignity".  In order to not
> serve any bias in my research, I had a call with Chris Gatford last night
> where he stated that you had a physical altercation with him very recently
> where you tried to pull down his pants.*
> *[SNIP - Content Irrelevant]*
> As of Friday my mother has complained to me about receiving continued
> telephone calls from a Constable at Manly Police Station.
> I spoke to the Constable yesterday (Sunday) just after 6PM and informed
> him that Josh Sokol of OWASP had made contact with Chris Gatford and this
> has prompted Chris Gatford to file a false allegation with NSW Police
> possibly due to Josh's continued and [false] claim that I am "seeking
> vengeance" against Chris Gatford which is nothing more than hearsay, false
> and untrue.
> I expect that the NSW Police will request the confidential recording of
> all conference calls so I will request that they are *not destroyed so
> they can be tendered into evidence*.  This is not permission to publish
> the conference call to the public of either Chris Gatford or I.
> I expect that as in the past that the NSW Police have already determined
> due to lack of evidence that I am *innocent beyond a reasonable doubt* to
> yet another false allegation made by Chris Gatford to NSW Police that the
> rumour mill will once again attempt to smear me with possible criminal dealing
> based on unwarranted and knee jerk decisions made by particular OWASP Board
> Members without any supporting evidence and regard to the fact that I have
> maintained an unblemished criminal record that has resulted in lost
> opportunities as Josh Sokol decided on a whim to make contact with Chris Gatford
> who resigned from OWASP in August 2012 i.e.
> http://lists.owasp.org/pipermail/owasp-sydney/2013-January/000177.html
> As Josh insists on citing
> https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project#Code_of_Ethics
> then I would like to *formally
> request to bring Josh to account with his stated ethics* specifically:
>    - *Perform all professional activities and duties in accordance with
>    all applicable laws and the highest ethical principles;*
>    - *Refrain from any activities which might constitute a conflict of
>    interest or otherwise damage the reputation of employers, the information
>    security profession, or the Association;*
>    - *Not intentionally injure or impugn the professional reputation of
>    practice of colleagues, clients, or employers;*
>    - *Treat everyone with respect and dignity; and*
>    - *To avoid relationships that impair -- or may appear to impair --
>    OWASP's objectivity and independence.*
> I also want a condition placed on Josh Sokol revoked OWASP membership that *desists
> further contact with me and his unwarranted representation of me to Chris
> Gatford*.
> I would like to highlight that had Josh *not* ignored my continued warning
> then OWASP would not have been drawn into something that will cause it
> unwanted attention in the public domain as had been brought about with the
> OWASP Google Hacking Inquiry.