[Owasp-board] Getting it all out in the open

Josh Sokol josh.sokol at owasp.org
Tue Feb 18 01:53:02 UTC 2014


Christian,

As you had responded to other messages posted on the OWASP Board mailing
list, I assumed you were reading what was posted there.  I made no attempts
to hide this and there was quite the discussion following it.  Feel free to
read it here:

http://lists.owasp.org/pipermail/owasp-board/2014-February/013107.html

I've mentioned the replacement text in our communications (probably not
specifying the exact text as I wrongly made the assumption that you had
already read it) so I'm surprised that you're surprised by it and that you
didn't ask me for clarification on what I was talking about before this.
For ease of access, the proposed replacement text is as follows:

Recently, information has been brought to our attention which allows
the current
OWASP Board to revisit OWASP's position on the Google Hacking Inquiry
that was undertaken in July of 2010.  The OWASP Code of Ethics
<https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project#Code_of_Ethics>
 states that we should not intentionally injure or impugn the
professional reputation of colleagues and, upon consideration, we feel
that perpetuating the inquiry results would do just that.  As such, we
feel that it is in the best interests of the OWASP Foundation and all
concerned parties to wipe the slate clean by removing the details of the
 inquiry from our public records at this time.  We feel sincerely sorry
for any damages that this inquiry may have caused to any of the parties
involved.


~josh


On Mon, Feb 17, 2014 at 7:17 PM, Christian Heinrich <
christian.heinrich at cmlh.id.au> wrote:

> Tobias,
>
> My recollection from the conference call is the only item that Josh
> and I discussed on the conference call was that Dinis Cruz included in
> the "Synopsis" incorporated statements that were excluded at the
> request of the GPC such as Dinis' use of "innovative" which has no
> corresponding item to support this synopsis in the PDF.
>
> We also briefly discussed how I sought reviewers for the OWASP Project
> and that my request to independently seek confirmation of the
> identities of the "unverified sources" making the complaint.
>
> As far as I am aware Josh's "solution" (if I can call it that) is to
> remove wiki page and PDF of the OWASP inquiry and not take any further
> action in restoring my reputation, such as issuing a public apology
> which I could present the OWASP members who accused me of exploiting
> OWASP and are yet to read the PDF.
>
> Josh has *not* brought to my attention or discussed his proposed
> placeholder text to me. Therefore I am unaware of it's existence so I
> assume this must be something he has sent to the OWASP Board Members
> (directly to their e-mail addresses rather than on the owasp-board
> mailing list) instead.
>
> Can you please provide the "placeholder" text on Josh's behalf?
>
> On Mon, Feb 17, 2014 at 10:20 PM, Tobias <tobias.gondrom at owasp.org> wrote:
> > just one personal question for my understanding:
> > I was under the impression that you were not happy with the current text
> of
> > the Google Hacking Inquiry document
> > (https://www.owasp.org/index.php/OWASP_Inquiries/Google_Hacking_Project)
> > being accessible on the OWASP web page. Have I misunderstood this?
> >
> > And considering that the proposed "placeholder text" has been sent by
> Josh
> > to this list before, would you in that case rather wish for OWASP to keep
> > the current document there as it is? Please let us know, so the board can
> > take your opinion into consideration when we decide on the document.
>
> --
> Regards,
> Christian Heinrich
>
> http://cmlh.id.au/contact
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20140217/8f7329ee/attachment-0001.html>


More information about the Owasp-board mailing list