Josh Sokol josh.sokol at owasp.org
Tue Feb 25 23:29:47 UTC 2014

*Evidence to Christian's first objection:*

Christian is now directly contradicting what he stated on an e-mail to the
governance list two days ago:

"The root cause of this entire issue is that had Dinis Cruz provided me
with complaint by Andre Ludwig i.e.
http://lists.owasp.org/pipermail/owasp-board/2010-June/008481.html and
elected to investigate Chris Gatford of the OWASP Sydney Chapter as the
"unverified sources" then this entire issue would have been resolved
without the long term damage to my career and standing within the security
community in which Chris Gatford has subsequently formed relationship with
at the exclusion OWASP i.e. RUXCON, AusCERT, AISA, etc."

("Re: [Governance] Termination - Request for Artifact(s)" - Sun, Feb 23,
2014 at 6:39 PM)

*Regarding Christian's Second Objection:*

Now we have an indirect reference to me being "Internet Security"?  OK, I
am a lot of things, but I am clearly not "Internet Security".  This isn't
evidence.  This is ridiculous.

*Regarding Christian's Third Objection:*

Chris Gatford is actually the one who said that Christian attempted to pull
down his pants.  I was merely restating what I was told.  And not only was
Christian consulted on this, he provided a response to me and Tobias.
Again, contradicting himself.

"You can see from the above that a reasonable person won't conclude
that his claim that I attempted to "pull down his pants" is just
another example of hearsay and rumour in which to divert the OWASP
Board attention from the evidence related to his direct involvement in
the Google Hacking Inquiry.

Please keep this in mind next time you approach him."

("Re: Chris Gatford - False Claim of Assault" - Thu, Jan 30, 2014 at 9:18

Once again, I will state that this is Christian making assumptions about
what was discussed in my interview with Chris Gatford.  As he was not
there, and has not heard the recording, this is false speculation.  I have
asked that he have the police contact me directly and have received no such
response.  I have asked for clarification and evidence regarding the claim
of "Code of Ethics violations" that Christian has made against me and have
received none.  In addition, I would like to point out that this is
Christian's attempt to seek vengeance upon me for my failed attempt to seek
peace between him and the OWASP Foundation.  Assuming that no evidence is
presented (it can't because it doesn't exist), and no crime has been
committed, I would like for this to be added to the official record for
consideration when judging Christian's contributions to the OWASP
Foundation.  It is yet another example of Christian's attempts to damage
the OWASP Foundation as indicated by him in a tweet to Jim Manico on
4/23/2013 10:23 AM.  "@manico Then I'll just continue to damage @owasp but
then again it does damage itself so well already"  This attack on my
integrity is baseless and unfounded and should be summarily dismissed.


On Tue, Feb 25, 2014 at 4:35 PM, Christian Heinrich <
christian.heinrich at cmlh.id.au> wrote:

> To clarify Josh's numerous incorrect allegations:
> On Wed, Feb 26, 2014 at 2:27 AM, Josh Sokol <josh.sokol at owasp.org> wrote:
> > In regards to contacting Chris Gatford without Christian's knowledge,
> this
> > is partially correct, but is irrelevant.  Christian stated on numerous
> > occasions that Chris Gatford was behind the original reporting of no
> source
> > code for the Google Hacking Inquiry as well as accusations that Chris
> was a
> > liar and could not be trusted.  At one point in his communications,
> > Christian even chastised the Board for having NOT communicated with Chris
> > Gatford during the initial inquiry.  Since I was entrusted by the Board
> to
> > find the details of the inquiry, this became part of my investigation.  I
> > maintain that I have no obligation to discuss with Christian who I speak
> > with on this matter.  In fact, if I did so, this would actually indicate
> a
> > bias toward Christian.  Also, while Christian was not informed
> beforehand of
> > my intent to communicate with Chris Gatford, he was most certainly told
> > afterward.
> Josh is incorrect yet again.
> Brad Causey spoke to Chris Gatford during and after the OWASP Google
> Hacking Inquiry yet indicated that a complaint related to the Sydney
> Chapter would be followed up by the Chapter Committee:
> - http://lists.owasp.org/pipermail/owasp-board/2010-September/009022.html
> - https://lists.owasp.org/pipermail/owasp-board/2010-October/009205.html
> - https://lists.owasp.org/pipermail/owasp-board/2010-November/009225.html
> On Wed, Feb 26, 2014 at 2:27 AM, Josh Sokol <josh.sokol at owasp.org> wrote:
> > As for "false complaint that is possibly supported by the adverse
> comments
> > Josh Sokol made against me during their recorded conference call", this
> is
> > pure speculation and has no backing by any evidence.  To be blunt, there
> > isn't even a record of the police calling Christian or a statement from
> his
> > mother.  And despite my saying that I would be happy to speak with the
> > police on this matter, I have received no such contact from a member of
> the
> > NSW Police.  Could you please inquire with Christian as to what date the
> > formal complaint was lodged with the police by Chris Gatford and have him
> > obtain the public record of this complaint?  This is the evidence that
> would
> > prove or disprove Christian's purported "timeline", show that the police
> > were contacted on this matter, and determine whether my name was
> mentioned
> > at all.  Without such record, I'm not sure why we are even entertaining
> this
> > request.
> Josh is incorrect again.
> NSW Police made an indirect reference to Josh i.e. "Internet Security"
> and I clarified this as OWASP.
> On Wed, Feb 26, 2014 at 2:27 AM, Josh Sokol <josh.sokol at owasp.org> wrote:
> > Even if you do not agree that it should be summarily dismissed as
> baseless
> > and unfounded, I have provided you (Martin) with access to the ~15 minute
> > recording where at no point do I say or even allude that Christian is
> > seeking vengeance, since that is the only tangible complaint that
> Christian
> > has voiced.  For one, this would be completely unprofessional and, for
> two,
> > it would indicate a bias, which I had none at the time.  I asked Chris
> basic
> > questions in regards to the Google Hacking Inquiry and the speculated
> > participation by Chris in said event.  When you listen to the call, you
> will
> > at no point witness a violation of the OWASP Code of Ethics.
> Again Josh is incorrect.
> Josh implied that I allegedly "tried to pull down [Chris Gatford]
> pants" without allowing me to address this false accusation and/or
> hearsay.
> --
> Regards,
> Christian Heinrich
> http://cmlh.id.au/contact
> _______________________________________________
> Governance mailing list
> Governance at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/governance
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/governance/attachments/20140225/07d31b0c/attachment-0001.html>

More information about the Governance mailing list