[Owasp-board] Getting it all out in the open

Tobias tobias.gondrom at owasp.org
Mon Feb 17 11:20:55 UTC 2014

Hello Christian,

just one personal question for my understanding:
I was under the impression that you were not happy with the current text
of the Google Hacking Inquiry document
being accessible on the OWASP web page. Have I misunderstood this?

And considering that the proposed "placeholder text" has been sent by
Josh to this list before, would you in that case rather wish for OWASP
to keep the current document there as it is? Please let us know, so the
board can take your opinion into consideration when we decide on the

Thank you, Tobias

On 17/02/14 04:41, Josh Sokol wrote:
> Christian,
> I don't remember if you said it during one of our calls, but you most
> certainly alluded to it in our recent Skype conversation and in your
> requests for me to follow up with Andre Ludwig.  Here's an excerpt
> from one of those e-mails:
> "Once we have confirmation that Andre's source was Chris Gatford then
> it will make the public relations in restoring my reputation within
> OWASP considerably easier because OWASP members will understand the
> root cause and ulterior motive of the inquiry of the OWASP Google
> Hacking Project."
> And from our Skype conversation:
> "An eye for an eye"
> If you'd like, I would be happy to export our conversation from Skype
> and forward the e-mails regarding contacting Andre as well so that
> others can inspect this evidence.  Did I somehow misinterpret your
> statements?
> We also spoke at some length about the Google Hacking Inquiry on the
> call.  Your desire, at least at the time, was to leave the document in
> tact and replace Jeff's summary with your own condoning the actions
> taken against you and implicating others in a conspiracy against you. 
> I'm paraphrasing here, but I believe that was the gist of what you
> told me.  If you'd like to provide me with an alternate wording, then
> I'd gladly entertain that, but my intent is to push for removal of the
> document altogether as I think it's served whatever purpose it was
> intended and it's time to move on.  I would think that having it gone
> would make you happy in that the Google queries you gave me earlier
> would no longer work to find any results.  I'm honestly not sure why
> you're wanting to fight that.
> I am well aware that Chris Gatford is no longer an OWASP Chapter
> leader.  I'm not sure you're understanding what exactly the dependency
> is here.  It's not "Christian should not attempt to impugn the
> professional reputation of Chris Gatford."  It is "Christian will
> abide by the same Code of Ethics that we expect for all OWASP
> members."  Part of that Code of Ethics includes verbiage saying that
> OWASP members will not injure or impugn the professional reputation of
> colleagues.  Yes, the Code of Ethics were created in large part due to
> circumstances around you, but it was because these values were
> implicit before and your situation forced the Foundation to make them
> explicit.  You could very well be right that others have run awry of
> these Code of Ethics in the past, but unless there is a more current
> event that you are aware of, then I'm not sure it's worth the time and
> effort to pursue.  In any case, you can feel free to forward your
> concerns to Martin Knobloch as OWASP's Compliance Officer and I'm sure
> he will give them proper, unbiased, attention.
> Please do pass along the names and contact information of those in
> Australia who you feel would provide a positive reference for you.  I
> would be more than happy to speak with them.  That said, I can't say
> that it changes much at this point.  They may vouch for some of the
> positive things that you've done, but, unfortunately, it doesn't
> remove any of the negatives which many have experienced.
> I don't think there is a single person here who wants to moderate or
> even read your e-mail communications.  We don't want to have to police
> any of our members.  Our expectation is that they are all adult enough
> to be able to police themselves.  Take note that there is no
> moderation in my proposals.  Your actions would be judged against the
> Code of Ethics as we would any other OWASP member.  The only
> difference is that since you've been suspended in the past for poor
> judgement, another lapse in judgement would result in your immediate
> dismissal.  If you have any questions about what constitutes a lapse
> in judgement, I've offered myself up as a liaison and would be happy
> to help you with your communications, if you so desire.  Other than
> this, the only other stipulation is that you are not allowed to hold
> an OWASP leadership position or present as a representative of OWASP
> for a period of one year.  If your desire is to sit back and watch, as
> you had suggested on the call, then this shouldn't be an issue.  It
> also removes a platform for a wider audience should have a lapse in
> judgement.
> I truly believe that if what you're saying is true, and you want to
> move forward in a positive fashion with OWASP, then you have what I
> believe to be two reasonable offers of co-existence.  There is nothing
> there that is shameful, inappropriate, or overly burdensome.  If
> you're unable to meet these terms, then I'm afraid we have nothing
> left to discuss as your desire is to proceed in a direction that I
> believe is unhealthy for both yourself and OWASP.
> ~josh
> On Sun, Feb 16, 2014 at 5:50 PM, Christian Heinrich
> <christian.heinrich at cmlh.id.au <mailto:christian.heinrich at cmlh.id.au>>
> wrote:
>     Josh,
>     I do *not* have an intent to pursue a vengeance campaign against Chris
>     Gatford.  I fail to see how that would help either me or OWASP.
>     If you are unable to cite where the interview I stated this then can I
>     request that you please stop misquoting me.
>     Neither do I understand why you will not accept an example of how the
>     the text of the Google Hacking Inquiry modified in a non confrontation
>     way which is proposed for consideration and discussion (not the
>     definitive version) that resolve the issue(s) you noted about it
>     previously.
>     You are also aware that Chris Gatford is no longer a Chapter Leader
>     due to his extended inactivity since its formation in 2005 but please
>     let me know what his dependency to me rejoining OWASP?
>     Furthermore, you are yet to interview any witnesses in Australia who
>     are aware of my positive involvement in OWASP?
>     The OWASP Code of Ethics were created in direct response to the poor
>     treatment that
>     http://blog.diniscruz.com/2012/10/why-do-others-think-that-im-hard-to.html
>     as documented at
>     https://lists.owasp.org/pipermail/owasp-board/2010-October/009157.html
>     Please let me know how the conduct of other OWASP members below is not
>     subject to the OWASP Code of Ethics also and is therefore within the
>     definition of selective judgement:
>     1. http://lists.owasp.org/pipermail/owasp-board/2009-May/007510.html
>     2. http://lists.owasp.org/pipermail/owasp-board/2010-June/008376.html
>     3.
>     http://lists.owasp.org/pipermail/owasp-board/2010-October/009194.html
>     4.
>     http://lists.owasp.org/pipermail/owasp-board/2011-January/009563.html
>     I would welcome moderation of correspondence originating from my
>     @owasp.org <http://owasp.org> e-mail address for a period of one
>     year to alleviate the
>     unfounded fears of the OWASP Member of which I am unaware of their
>     identity or concerns.  I believe this compromise is a more restrictive
>     than what you have proposed in which to protect OWASP.  This is *not*
>     an ultimatum, rather a proposal for discussion and consideration.
>     I therefore request that his period commence from 20 June 2014 which
>     will also allow you to consider the unfounded concern related to
>     http://www.theaustralian.com.au/technology/queensland-police-file-still-open-on-smh-hack-story/story-e6frgakx-1226322314514
>     of which my innocent has been proven beyond a reasonable doubt in
>     light of the "hearsay" media coverage.
>     You are more than welcome to schedule a recorded conference call in
>     which to discuss?  I also grant you the unrestricted right to release
>     the recording of this specific conference call that is scheduled in
>     the immedidate future.
>     On Sun, Feb 16, 2014 at 4:39 PM, Josh Sokol <josh.sokol at owasp.org
>     <mailto:josh.sokol at owasp.org>> wrote:
>     > Unfortunately, you are not in a position to give the OWASP Board
>     ultimatums.
>     > I have already effectively offered you #1, but you disagreed
>     with the
>     > message to replace the inquiry and you fail to understand that
>     no OWASP
>     > member is without restriction.  All of us are bound by the OWASP
>     Code of
>     > Ethics.  So your request to rejoin without restriction is a
>     paradox that we
>     > are incapable of entertaining.  Especially in knowing that your
>     intent is to
>     > continue to pursue a vengeance campaign against Chris Gatford
>     which is in
>     > direct violation of our Code of Conduct.
>     >
>     > In addition, your return represents a significant amount of risk
>     given your
>     > behavior in both the far and recent past and you have yet to
>     show any effort
>     > to prove otherwise.  To the contrary, your last two e-mails show
>     a clear
>     > intention to threaten OWASP if a decision is not made in your
>     favor.  You
>     > have what I believe to be two reasonable offers of peaceful
>     co-existence
>     > that have already received votes of support from Dennis Groves
>     and Martin
>     > Knobloch.  If you're unable to meet these terms, then I'm afraid
>     we have
>     > nothing left to discuss as your desire is to proceed in a
>     direction that I
>     > believe is unhealthy for both yourself and OWASP.  That said, I do
>     > appreciate your time and wish you all the best going forward.
> _______________________________________________
> Owasp-board mailing list
> Owasp-board at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-board

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20140217/aeab8b11/attachment-0001.html>

More information about the Owasp-board mailing list