Josh Sokol josh.sokol at owasp.org
Tue Feb 25 15:27:42 UTC 2014

Removing Christian as he has requested not to receive further
communications from me.

In regards to contacting Chris Gatford without Christian's knowledge, this
is partially correct, but is irrelevant.  Christian stated on numerous
occasions that Chris Gatford was behind the original reporting of no source
code for the Google Hacking Inquiry as well as accusations that Chris was a
liar and could not be trusted.  At one point in his communications,
Christian even chastised the Board for having NOT communicated with Chris
Gatford during the initial inquiry.  Since I was entrusted by the Board to
find the details of the inquiry, this became part of my investigation.  I
maintain that I have no obligation to discuss with Christian who I speak
with on this matter.  In fact, if I did so, this would actually indicate a
bias toward Christian.  Also, while Christian was not informed beforehand
of my intent to communicate with Chris Gatford, he was most certainly told

As for "false complaint that is possibly supported by the adverse comments
Josh Sokol made against me during their recorded conference call", this is
pure speculation and has no backing by any evidence.  To be blunt, there
isn't even a record of the police calling Christian or a statement from his
mother.  And despite my saying that I would be happy to speak with the
police on this matter, I have received no such contact from a member of the
NSW Police.  Could you please inquire with Christian as to what date the
formal complaint was lodged with the police by Chris Gatford and have him
obtain the public record of this complaint?  This is the evidence that
would prove or disprove Christian's purported "timeline", show that the
police were contacted on this matter, and determine whether my name was
mentioned at all.  Without such record, I'm not sure why we are even
entertaining this request.

Standing as the accused, I am still unclear as to what exactly I have been
accused with.  My attempt to seek clarification and evidence on the
following were ignored:

1) What law or ethical principle have I broken?
> 2) Where is my conflict of interest or how have I damaged the reputation
> of employers, the profession, or the association?
> 3) How have I INTENTIONALLY injured or impugned the professional
> reputation of colleagues, clients, or employers?  Who?
> 4) Who have I been disrespectful to and in what way?
> 5) What relationship do I have that impairs OWASPs objectivity and
> independence?

Even if you do not agree that it should be summarily dismissed as baseless
and unfounded, I have provided you (Martin) with access to the ~15 minute
recording where at no point do I say or even allude that Christian is
seeking vengeance, since that is the only tangible complaint that Christian
has voiced.  For one, this would be completely unprofessional and, for two,
it would indicate a bias, which I had none at the time.  I asked Chris
basic questions in regards to the Google Hacking Inquiry and the speculated
participation by Chris in said event.  When you listen to the call, you
will at no point witness a violation of the OWASP Code of Ethics.

My direct communications with Christian have ceased and I'd request that he
do the same in regards to contacting me as well.  However, as I have a
right to know what I am accused of, as well as a right to see any and all
evidence presented against me, I request that all evidence by Christian be
tendered here, on the Governance list, for myself and all OWASP members to
see.  I am a servant of our community and I am more than happy to have my
actions, and their merits, judged in the public light.  Thank you.


Josh Sokol

On Mon, Feb 24, 2014 at 11:07 PM, Christian Heinrich <
christian.heinrich at cmlh.id.au> wrote:

> Martin,
> I have condensed the core ethical and legal issue below and will
> address your other items tomorrow.
> On Mon, Feb 24, 2014 at 9:16 PM, Martin Knobloch
> <martin.knobloch at owasp.org> wrote:
> > #2 why would the above result in a phone call of the police department
> > It is not clear to me why a constable would initiate a call because a
> anyone
> > has contacted Chris.
> The agreed timeline is that Josh Sokol contacted Chris Gatford without
> my knowledge and at the conclusion of their conference call Chris then
> walked the one block from his office in Manly Corso to Manly Corso
> Police Station to file a false complaint that is possibly supported by
> the adverse comments Josh Sokol made against me during their recorded
> conference call.
> NSW Police are concerned that I ignored their advice not to contact
> Chris Gatford after he filed continued false allegations with no
> supporting evidence in the past.  I suspect that their conclusion is
> that I am innocent beyond a reasonable doubt but this depends on the
> adverse comments Josh Sokol made during their conference call, such as
> his instance that I am seeking "vengeance" which I clearly am not.
> Please let me know if my understanding of
> https://www.owasp.org/index.php/Governance/Whistleblower_Policy#Reporting_Procedure
> is incorrect and ethical violations are out of your scope?
> I will restate that I do *not* wish to receive further contact from
> Josh Sokol or his representation of me to Chris Gatford.
> --
> Regards,
> Christian Heinrich
> http://cmlh.id.au/contact
> _______________________________________________
> Governance mailing list
> Governance at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/governance
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/governance/attachments/20140225/61d9876f/attachment.html>

More information about the Governance mailing list