[Owasp-board] GMC's proposal to the board - New Membership Revocation Page

Helen Gao helen.gao at owasp.org
Wed Apr 4 12:11:36 UTC 2012

Dear board directors,

In light of a couple of unfortunate incidents, the Membership committee
believe that we could protect the image of OWASP and its members by
introducing formality and transparency to the membership revocation
process. I have shared our proposal with you and hope that you will discuss
it at the board meeting tomorrow.

New Membership Revocation Page

What is the issue?

A couple of recent events have signaled the need for a public and
transparent membership revocation process.

What GMC proposed?

We have created a new Membership Revocation page
<https://www.owasp.org/index.php/Membership_Revocation>. A link to the
page has been put on the Code of Ethics portion of the About OWASP
Content of the revocation page is below. I have also included Christian
Heinrich’s request to Review OWASP Appeal Proceedings on April 2, 2012.

Due to the sensitivity of the issue, we don’t plan to send the proposal to
other committees and OWASP leaders for review. We plan to lock this page
together with several other important membership pages in the near future.

Membership Revocation <https://www.owasp.org/index.php/Membership_Revocation#p-search>
In situations where an individual has had their OWASP Membership revoked:

   - A revoked member will no longer have the privilege to use a
   @OWASP.ORG email address for a period not less than 24 months.
   - A revoked member will no longer be allowed to qualify for its
   membership benefits such as discounts, OWASP on the move programs, grants
   issued by OWASP Foundation or vote for a period not less than 24 months.
   - A revoked member will no longer be allowed to operate as a chapter
   - A revoked member will no longer be allowed to be an OWASP Project
   - A revoked member will no longer be allowed to access OWASP AppSec
   global conferences or regional events at no-charge
   - A revoked member IS permitted to attend OWASP meetings as they are
   open and free by design.
   - A revoked member IS permitted to utilize OWASP materials as they are
   under open source licenses and do not require membership in the
   organization to do so
   - A revoked member will not be allowed to reapply for membership for a
   period not less than 24 months. The revoked member has the option to then
   reapply for membership with reinstatement pending approval by the board.
   - A revoked member is disqualified from participating in OWASP CFPs and
   from speaking at a Global or regional AppSec conference as well as chapter
   meetings for a period not less than 24 months.
   - A revoked member, upon inquiry to the OWASP Foundation concerning
   membership, will show as no longer a member.

Code of Ethics <https://www.owasp.org/index.php/About_OWASP#Code_of_Ethics>
Christian Heinrich’s request to Review OWASP Appeal Proceedings on April
2, 2012


I wish to request that the Global Membership Committee review the
proceedings conducted by the OWASP Board in relation to the matter of
termination of my OWASP membership.

As a term of reference, I have attached the due process in handling
complaints of the Australian Information Security Association as
documented within their bylaws as an incorporated association in NSW
Australia. I would welcome the OWASP Board to provide their
documentation of their corresponding process as part of the execution
of their duties as a 501(c)(3) not-for-profit charitable organization
in the United States?

The following are considered in scope of this request:
1. The correspondence prior to the appeal call but no later than the
conclusion of the
unless referenced during the appeal proceeding
2. The conference call.
3. The correspondence after the conference call on the OWASP Leaders List.

In the likely event that the GMC rescinds the OWASP Board action then
another request will be made to have the record of the

Can the GMC please acknowledge this request?
Christian Heinrich


Christian has attached the due process in handling complaints of the
Australian Information Security Association. See below.

Version 1.0, December 2004

This document describes the procedure to be for receiving complaints and
should be read in conjunction with the ISIG Rules. By publishing these
procedures, ISIG does not expect, invite, solicit, or encourage such
complaints. The use of these procedures is for the sole purpose of
protecting the reputation of the profession. They are not intended to be
used to coerce or punish members.

ISIG will undertake to keep the identity of the complainant and respondent
in any complaint confidential from the general public. While disclosure of
the identity of the complainant will be avoided where possible, upon filing
a complaint, the
implies consent to disclose his identity to the respondent, where the
Committee deem it necessary for due process.

Actions of the Executive Committee may be published at its discretion. If
the respondent is expelled from ISIG, this may include publication of the
respondent’s name and the reason(s) for expulsion.

Parties are encouraged to maintain confidentiality and members are reminded
of their obligation to protect the profession.

Specificity of Complaints

The Executive Committee will only consider complaints as determined by the
Rules and in respect to a member who is alleged to have:
(a) persistently refused or neglected to comply with a provision or
provisions of the ISIG rules,
(b) persistently and wilfully acted in a manner prejudicial to the
interests of ISIG,
(c) failed to comply with the provisions of the code of ethics.

Standing of Complainant

Complaints from non-members will be accepted only from those who claim to
be injured by the alleged behavior.

Form of Complaints

All complaints must be in writing. The Executive Committee is not an
investigative body and does not have investigative resources. Only
information submitted in writing will be
Complaints and supporting evidence must be in the form of statutory
declarations or other documents with legal standing before the courts of
Australia. The committee will not consider other allegations.

Complaints should be sufficiently complete to enable the executive
committee to reach an appropriate resolution. At a minimum, the statutory
declaration should specify the respondent, the behavior complained of, the
section of the rules or code of
breached, the standing of the complainant, and any corroborating evidence.

The committee may, at its discretion, seek clarification of details or
additional information from the complainant related to the complaint.

N.B. The executive committee is not an investigative body and has no
authority to compel testimony. We can consider only evidence submitted to
us voluntarily. There may be many cases where this evidence is not
sufficient to support any action. We can proceed only where a prima facie
case is made. Where no such case is made, the board will close the
complaint without prejudice to either party.

Complaint Handling Procedures

Where a prima facie case has been, the executive committee will review and
with the handling of a complaint as specified within the ISIG Rules.

Rights of Respondents

Respondents to complaints are entitled to timely notification of
complaints. It is the intent of the executive committee to notify the
respondent within fourteen days from receipt of the complaint. The
respondent is entitled to see all complaints, evidence, and other
The respondent will have fourteen days from accepting and acknowledging
delivery to submit information in defense, explanation, rebuttal,
extenuation, or mitigation. As with the complaint, in order to be
considered this information must be in the form of a statutory declaration.
As in the law, silence implies consent. That is, to the extent that the
respondent is silent, the committee may assume that he or she does not
dispute the allegations. The committee may grant necessary extensions of
time to the
upon request.

Disagreement on the Facts

Where there is disagreement between the parties over the facts alleged, the
committee, at its sole discretion, may invite additional corroboration,
rebuttals and sur-rebuttals in an attempt to resolve such dispute. The
committee is not under any obligation to make a finding where the facts
remain in dispute between the parties. Where the committee is not able to
reach a conclusion on the facts, the benefit of all doubt goes to the
respondent. That is to say, where the respondent disputes the facts
alleged, then the burden of proof is on the complainant.

Note that any outcome of mediation or arbitration, or judgement of an
Australian court with reference to the complaint will be regarded as
definitive.

Findings and Resolution

In reaching a resolution, the executive committee will prefer the most
limited and conservative action consistent with its findings and in
accordance with the ISIG Rules.

Notification of Resolution and Right of Appeal

The secretary will notify the respondent of its resolution seven days prior
to any action as specified under section 13(4) of the ISIG Rules.
Respondents may execute their right to appeal within 7 days after notice is
served in accordance with section 14 of the ISIG

Helen Gao