[Governance] Formal Complaint Against Josh Sokol

Christian Heinrich christian.heinrich at cmlh.id.au
Thu May 15 21:44:21 UTC 2014


Martin,

On Fri, May 16, 2014 at 1:59 AM, Josh Sokol <josh.sokol at owasp.org> wrote:
> Norman says differently in the e-mail Christian referenced earlier.  "I've
> recently returned to my day job from a period of leave, and upon checking my
> email, I was most pleasantly surprised to find an email regarding our good
> friend cmlh. Apparently, he has some kind of subpoena against OWASP?"  If
> Christian says he never contacted Norman, then perhaps I misunderstood "find
> an email regarding our good friend cmlh" to mean that Christian contacted
> him instead of him meaning that he read another e-mail related to the
> matter.  If I misinterpreted, then I'm sorry.  I thought that you had
> carried out the action that you had threatened us with mid-April.  If that
> is the case, then I'm not sure where the information Norman references would
> have come from, but it didn't come from me.  I'd maintain that I did not
> disclose anything in my response that hadn't already been disclosed publicly
> at the time and I would still request that Christian provide a specific
> example of the breach of confidentiality with which I am accused.

Please find the relevant quote from two e-mails sent to Josh Sokol in
April 2014 related to confidentiality:

On Tue, Apr 15, 2014 at 1:05 PM, Christian Heinrich
<christian.heinrich at cmlh.id.au> wrote:
> Please do not approach Chris Gatford, Drazen Drazic, etc or discuss this
> matter on public mailing lists

On Wed, Apr 16, 2014 at 9:26 AM, Christian Heinrich
<christian.heinrich at cmlh.id.au> wrote:
> Also, please heed my warning about discussing this on a public mailing
> list i.e. http://lists.owasp.org/pipermail/owasp-board/2014-April/013580.html

On Fri, May 16, 2014 at 1:59 AM, Josh Sokol <josh.sokol at owasp.org> wrote:
> While I can appreciate Christian's perspective on what my correct course of
> action should have been, my fiduciary duty is to protect the OWASP
> Foundation, and Christian's continued harassment of OWASP members is of the
> utmost concern.  I'd much rather our members know that they have rights and
> that the Board stands behind them, rather than allowing Christian to bully
> them into submission.

The service of a subpoena is not harassment.

Prior to issuing the subpoena, I had made a reasonable request to
Sarah, Tobias and Josh of what I was seeking and Josh immediately
became evasive, obstructive and elected himself to deal with the
Australian courts.  Both Tobias and Sarah were much more reasonable.

On Fri, May 16, 2014 at 1:59 AM, Josh Sokol <josh.sokol at owasp.org> wrote:
> Christian is correct that my autoresponder does not attempt to discern
> contents.  It was put in place (for me) after telling Christian NINE (9)
> times that I would not provide him with the information he was seeking to
> maintain confidentiality unless a subpoena was issued to obtain it.  At
> least two of these were after I had explicitly told Christian that his
> contacting myself and other OWASP members was perceived as harassment and
> after asking him to refrain from contacting me directly on this matter.  It
> was done at the suggestion of OWASP legal counsel, with the support of the
> Board, and instead of the OWASP Foundation filing a formal harassment
> complaint against Christian.

While this is addressed above the information I am seeking is not
confidential as OWASP is an open and transparent organisation and
furthermore I sought to subpoena the other parties rather than OWASP
if Josh was able to confirm if the other parties had been informed of
where to find the information sought.

On Fri, May 16, 2014 at 1:59 AM, Josh Sokol <josh.sokol at owasp.org> wrote:
> Again, while I can appreciate Christian's perspective on what my correct
> course of action should have been, my fiduciary duty is to protect the OWASP
> Foundation.  His persistent harassment of myself and other OWASP members (at
> least two or three others that I am aware of) is what prompted my response.
> If anyone is injuring Christian's professional reputation, it is him through
> his words and actions against OWASP and it's members.  My providing passive
> instructions on the proper response should they be contacted by him on this
> manner, supported by OWASP legal counsel and the Board, was by no means an
> attempt to injure Christian either personally or professionally.  If it was
> perceived as otherwise, then I sincerely apologize.

I have sought to have Sarah and Tobias instruct the legal counsel to
prepare the subpoena for service in New York as the subpoena must be
registered within their jurisdiction for it to be enforceable.

I put it to OWASP that their intent is not produce the information
requested or assist in confirming specific facts in the matter so that
other parties within Australia could be subpoenaed for information
that I am seeking instead of OWASP and have demonstrated a total
disregard of their stated ethics of openness and transparency.

I demand that Josh Sokol be reprimanded for his continued breaches of
OWASP Code of Ethics.


-- 
Regards,
Christian Heinrich

http://cmlh.id.au/contact


More information about the Governance mailing list