Tobias tobias.gondrom at owasp.org
Tue Feb 25 23:04:25 UTC 2014

Hello all,

just for the information of the governance list:
I attended the mentioned calls and listened to them carefully. And I
have to clearly state: all of Josh's statements were correct. And
Christian's claims and allegations that Josh would be incorrect are just
plain false.

I am not sure whether Christian is deliberately lying to cause harm to
Josh or disrupt the community or is just forgetting what was said and
filling the blanks with his imagination.

Nonetheless, I feel that the constant misrepresentations and false
allegations by Christian make it necessary for me to clarify that
Christian's allegations are false and Josh's statements are in fact

Unfortunately, Christian does not agree with the publication of the
recordings of said conversations, so the community could listen
themselves. So it becomes now necessary for me to step up as another
person who attended these calls to make the above clarification.

Best regards, Tobias

Tobias Gondrom
Global Board Member

On 25/02/14 22:35, Christian Heinrich wrote:
> To clarify Josh's numerous incorrect allegations:
> On Wed, Feb 26, 2014 at 2:27 AM, Josh Sokol <josh.sokol at owasp.org> wrote:
>> In regards to contacting Chris Gatford without Christian's knowledge, this
>> is partially correct, but is irrelevant.  Christian stated on numerous
>> occasions that Chris Gatford was behind the original reporting of no source
>> code for the Google Hacking Inquiry as well as accusations that Chris was a
>> liar and could not be trusted.  At one point in his communications,
>> Christian even chastised the Board for having NOT communicated with Chris
>> Gatford during the initial inquiry.  Since I was entrusted by the Board to
>> find the details of the inquiry, this became part of my investigation.  I
>> maintain that I have no obligation to discuss with Christian who I speak
>> with on this matter.  In fact, if I did so, this would actually indicate a
>> bias toward Christian.  Also, while Christian was not informed beforehand of
>> my intent to communicate with Chris Gatford, he was most certainly told
>> afterward.
> Josh is incorrect yet again.
> Brad Causey spoke to Chris Gatford during and after the OWASP Google
> Hacking Inquiry yet indicated that a complaint related to the Sydney
> Chapter would be followed up by the Chapter Committee:
> - http://lists.owasp.org/pipermail/owasp-board/2010-September/009022.html
> - https://lists.owasp.org/pipermail/owasp-board/2010-October/009205.html
> - https://lists.owasp.org/pipermail/owasp-board/2010-November/009225.html
> On Wed, Feb 26, 2014 at 2:27 AM, Josh Sokol <josh.sokol at owasp.org> wrote:
>> As for "false complaint that is possibly supported by the adverse comments
>> Josh Sokol made against me during their recorded conference call", this is
>> pure speculation and has no backing by any evidence.  To be blunt, there
>> isn't even a record of the police calling Christian or a statement from his
>> mother.  And despite my saying that I would be happy to speak with the
>> police on this matter, I have received no such contact from a member of the
>> NSW Police.  Could you please inquire with Christian as to what date the
>> formal complaint was lodged with the police by Chris Gatford and have him
>> obtain the public record of this complaint?  This is the evidence that would
>> prove or disprove Christian's purported "timeline", show that the police
>> were contacted on this matter, and determine whether my name was mentioned
>> at all.  Without such record, I'm not sure why we are even entertaining this
>> request.
> Josh is incorrect again.
> NSW Police made an indirect reference to Josh i.e. "Internet Security"
> and I clarified this as OWASP.
> On Wed, Feb 26, 2014 at 2:27 AM, Josh Sokol <josh.sokol at owasp.org> wrote:
>> Even if you do not agree that it should be summarily dismissed as baseless
>> and unfounded, I have provided you (Martin) with access to the ~15 minute
>> recording where at no point do I say or even allude that Christian is
>> seeking vengeance, since that is the only tangible complaint that Christian
>> has voiced.  For one, this would be completely unprofessional and, for two,
>> it would indicate a bias, which I had none at the time.  I asked Chris basic
>> questions in regards to the Google Hacking Inquiry and the speculated
>> participation by Chris in said event.  When you listen to the call, you will
>> at no point witness a violation of the OWASP Code of Ethics.
> Again Josh is incorrect.
> Josh implied that I allegedly "tried to pull down [Chris Gatford]
> pants" without allowing me to address this false accusation and/or
> hearsay.

More information about the Governance mailing list