[Owasp-board] Fwd: Re: Update on Google Hacking Inquiry and Request for Reinstatement

Josh Sokol josh.sokol at owasp.org
Thu Feb 13 05:35:32 UTC 2014


Forwarding on behalf of Christian.
---------- Forwarded message ----------
From: "Christian Heinrich" <christian.heinrich at cmlh.id.au>
Date: Feb 12, 2014 10:39 PM
Subject: Re: Update on Google Hacking Inquiry and Request for Reinstatement
To: "Josh Sokol" <josh.sokol at owasp.org>
Cc: "OWASP Foundation Board List" <owasp-board at lists.owasp.org>

Josh,

On Thu, Feb 13, 2014 at 8:12 AM, Josh Sokol <josh.sokol at owasp.org> wrote:
> I'm forwarding this to the OWASP Board list on Christian's behalf.

I thank you for forwarding this to the OWASP Board but I would prefer
that you didn't attach commentary since the reader may not understand
the entire context of what I have stated.  This is similar to ulterior
motive of Dinis Cruz creating the "synopsis" of the Google Hacking
Project which had a number of misleading statements not found in the
actual PDF, such as his comments around "innovation", etc and hence
why Jim Manico hadn't read the PDF and made accusations around
https://lists.owasp.org/pipermail/owasp-leaders/2011-May/005283.html
(Yes I know this is Dennis but this shows how I came to Jim's
attention) and only once the PDF is read in it's entirety Jim changes
his opinion of me i.e.
https://lists.owasp.org/pipermail/owasp-leaders/2012-July/007468.html
as you also have.

I have no issue with you commenting once my e-mail has been
independently forwarded to the mailing list.

On Thu, Feb 13, 2014 at 8:12 AM, Josh Sokol <josh.sokol at owasp.org> wrote:
> I still feel that my comparison to our current "Incubator" level of
projects
> is applicable here.  My understanding is that projects at this level do
not
> distinguish on source code or a lack thereof, but rather, the development
of
> an idea toward an eventual concrete deliverable.  To his credit, Christian
> did appear to have working source code and simply hadn't made it public
yet
> as it was waiting on a review.  To me, at least, this seems like a
> reasonable request before moving a project into mainstream use.

I clearly stated that on
http://www.slideshare.net/cmlh/download-indexed-cache/38 that the
OWASP Google Hacking Project is "Alpha" under the former OWASP Project
classification.

The version of the program is clearly labelled "Proof of Concept [PoC]
v0.1" i.e. http://www.slideshare.net/cmlh/download-indexed-cache/17
which also infers that it is a development and alpha release as per
http://semver.org/

https://lists.owasp.org/pipermail/owasp-board/2010-August/003585.html
is the e-mail where I attempt to clarify what the actual issue is with
my source code which according to Dinis Cruz is something that Paulo
(a bias and personal friend of Dinis Cruz) was to undertake but still
hadn't almost 3 months after announcing the inquiry.

Dinis Cruz also ignores the well known fact that quality of source
code is purely a subjective measure and neither a requirement of an
OWASP Project and neither would he allow me to prepare a defence to
address any valid concerns (of which there were none), etc i.e.
http://lists.owasp.org/pipermail/owasp-board/2010-August/008833.html

The reason for the extensive and esoteric TODOs was to address a false
claim by either Chris Gatford or Jody that I missed a feature even if
the benefit of a feature (which there are many) far outweighs their
added complexity.

https://github.com/cmlh/Maltego-Facebook/issues/5 is proof that Jody
Melbourne was part of the socket puppets of the Google Hacking Project
i.e. https://twitter.com/jodymelbourne/status/222849048804200448

For a comparison of both Jody Melbourne and Chris Gatford defined
standard of release quality
https://www.hacklabs.com/tools-download/yinjector/yinjector.pl and
this doesn't conform to either Perl Best Practices, etc.

I had also quoted the reference perl code within the "Putting the Tea
into Cyberterrorism" within
https://lists.owasp.org/pipermail/owasp-google-hacking/2010-July/000041.html
and the authors have referenced my work after the inquiry so my alpha
quality is good enough for something I am giving away for free i.e.
http://paterva.com/web6/community/index.php

On Thu, Feb 13, 2014 at 8:12 AM, Josh Sokol <josh.sokol at owasp.org> wrote:
> Christian does clarify that he does not feel that his reinstatement is
> dependent upon a pursuit of Chris Gatford.

I will make a comment in about this in a separate e-mail but it is in
relation to Andre Ludwig and I believe the "one party" that he spoke
to within http://lists.owasp.org/pipermail/owasp-board/2010-June/008481.html
was in fact "Chris Gatford".

I only discovered
http://lists.owasp.org/pipermail/owasp-board/2010-June/008481.html
today so I will prepare something overnight.

Please forward to the OWASP Board Mailing List on my behalf.

Many thanks again for your help Josh.


--
Regards,
Christian Heinrich

http://cmlh.id.au/contact
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20140212/a2e88213/attachment.html>


More information about the Owasp-board mailing list