Christian Heinrich christian.heinrich at cmlh.id.au
Tue Feb 25 22:35:34 UTC 2014

To clarify Josh's numerous incorrect allegations:

On Wed, Feb 26, 2014 at 2:27 AM, Josh Sokol <josh.sokol at owasp.org> wrote:
> In regards to contacting Chris Gatford without Christian's knowledge, this
> is partially correct, but is irrelevant.  Christian stated on numerous
> occasions that Chris Gatford was behind the original reporting of no source
> code for the Google Hacking Inquiry as well as accusations that Chris was a
> liar and could not be trusted.  At one point in his communications,
> Christian even chastised the Board for having NOT communicated with Chris
> Gatford during the initial inquiry.  Since I was entrusted by the Board to
> find the details of the inquiry, this became part of my investigation.  I
> maintain that I have no obligation to discuss with Christian who I speak
> with on this matter.  In fact, if I did so, this would actually indicate a
> bias toward Christian.  Also, while Christian was not informed beforehand of
> my intent to communicate with Chris Gatford, he was most certainly told
> afterward.

Josh is incorrect yet again.

Brad Causey spoke to Chris Gatford during and after the OWASP Google
Hacking Inquiry yet indicated that a complaint related to the Sydney
Chapter would be followed up by the Chapter Committee:
- http://lists.owasp.org/pipermail/owasp-board/2010-September/009022.html
- https://lists.owasp.org/pipermail/owasp-board/2010-October/009205.html
- https://lists.owasp.org/pipermail/owasp-board/2010-November/009225.html

On Wed, Feb 26, 2014 at 2:27 AM, Josh Sokol <josh.sokol at owasp.org> wrote:
> As for "false complaint that is possibly supported by the adverse comments
> Josh Sokol made against me during their recorded conference call", this is
> pure speculation and has no backing by any evidence.  To be blunt, there
> isn't even a record of the police calling Christian or a statement from his
> mother.  And despite my saying that I would be happy to speak with the
> police on this matter, I have received no such contact from a member of the
> NSW Police.  Could you please inquire with Christian as to what date the
> formal complaint was lodged with the police by Chris Gatford and have him
> obtain the public record of this complaint?  This is the evidence that would
> prove or disprove Christian's purported "timeline", show that the police
> were contacted on this matter, and determine whether my name was mentioned
> at all.  Without such record, I'm not sure why we are even entertaining this
> request.

Josh is incorrect again.

NSW Police made an indirect reference to Josh i.e. "Internet Security"
and I clarified this as OWASP.

On Wed, Feb 26, 2014 at 2:27 AM, Josh Sokol <josh.sokol at owasp.org> wrote:
> Even if you do not agree that it should be summarily dismissed as baseless
> and unfounded, I have provided you (Martin) with access to the ~15 minute
> recording where at no point do I say or even allude that Christian is
> seeking vengeance, since that is the only tangible complaint that Christian
> has voiced.  For one, this would be completely unprofessional and, for two,
> it would indicate a bias, which I had none at the time.  I asked Chris basic
> questions in regards to the Google Hacking Inquiry and the speculated
> participation by Chris in said event.  When you listen to the call, you will
> at no point witness a violation of the OWASP Code of Ethics.

Again Josh is incorrect.

Josh implied that I allegedly "tried to pull down [Chris Gatford]
pants" without allowing me to address this false accusation and/or

Christian Heinrich


More information about the Governance mailing list