[Owasp-board] Fwd: Update on Google Hacking Inquiry and Request for Reinstatement

Josh Sokol josh.sokol at owasp.org
Wed Feb 12 21:12:34 UTC 2014

I'm forwarding this to the OWASP Board list on Christian's behalf.

He is correct in that I meant "Chris Gatford" and not "Chris Gates".  Too
many similar names running through my head.  My apologies if this confused
anyone or lead them astray from the issue.  It was absolutely unintended.

I still feel that my comparison to our current "Incubator" level of
projects is applicable here.  My understanding is that projects at this
level do not distinguish on source code or a lack thereof, but rather, the
development of an idea toward an eventual concrete deliverable.  To his
credit, Christian did appear to have working source code and simply hadn't
made it public yet as it was waiting on a review.  To me, at least, this
seems like a reasonable request before moving a project into mainstream use.

Christian does clarify that he does not feel that his reinstatement is
dependent upon a pursuit of Chris Gatford.


---------- Forwarded message ----------
From: Christian Heinrich <christian.heinrich at cmlh.id.au>
Date: Tue, Feb 11, 2014 at 11:20 PM
Subject: Update on Google Hacking Inquiry and Request for Reinstatement
To: Josh Sokol <josh.sokol at owasp.org>
Cc: OWASP Foundation Board List <owasp-board at lists.owasp.org>


I would appreciate if you could publish this to the OWASP Board Mailing
List and I am responding to
http://lists.owasp.org/pipermail/owasp-board/2014-February/013107.html only
(I haven't read the entire thread).

"Chris Gates" is a different person from Chris Gatford and I can understand
the confusion related to their surname. Chris Gates was interested in
reviewing the OWASP Google Hacking Project after seeing it at ToorCon but
since OWASP has a policy that the reviewer as to be an OWASP member, of
which I knew none aside from Justin Derry, he was unable to undertake this
and I am yet to understand the benefit of this OWASP policy.

Please don't speak to either Andrew van der Stock or Chris Spencer. As per
has well known mental health issues which have resulted incidents
such as him insulting Chris Spencer and RUXCON terminating their
relationship with OWASP.

I disagree with the comments related to "Incubator" Project level since the
source code did in fact exist. The fact is Tom Brennan sought to bully and
intimidate me i.e. i.e. "Project DEAD" quote within
http://lists.owasp.org/pipermail/owasp-board/2010-June/008545.html, refer
to "Sun, Jun 27, 2010 at 12:09 AM" within
is the root cause of what withheld its release since the project was
required to be reviewed *before* release according to the instructions from
Paulo and I knew that Chris Gatford would attempt to use the source code
comments against me. Most of all I am interested to know how Trey Ford who
was employed at the same company of Tom did not have to undertake this i.e.

I'll send you a large number of examples where I have been rejected for
work due to the OWASP Google Hacking Inquiry (it is one of my most popular
Google Search Results).

It is too late for OWASP to attempt to wipe the slate clean and furthermore
the Google Hacking Inquiry is recoverable i.e.
 As far as I am concerned the OWASP Board voted to hold an inquiry and
hence should be held to account.  The OWASP Board will have to accept that
I anticipated that Chris Gatford would attempt to attack me and hence why
no evidence would be found (and this is what Dinis was told during HITB

The request for reinstatement has no dependency on OWASP pursing the
inquiry against Chris Gatford or not.

Christian Heinrich

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20140212/d97c98a1/attachment.html>

More information about the Owasp-board mailing list