[Owasp-board] Getting it all out in the open

Josh Sokol josh.sokol at owasp.org
Tue Feb 18 02:33:32 UTC 2014

Actually, even though I may not have provided this replacement text to you
directly, you clearly were aware of it's existence per the following text:

"I would appreciate if you could publish this to the OWASP Board Mailing
List and I am responding to
http://lists.owasp.org/pipermail/owasp-board/2014-February/013107.html only
(I haven't read the entire thread)."


In fact, you responded to the text saying "It is too late for OWASP to
attempt to wipe the slate clean and furthermore the Google Hacking Inquiry
is recoverable" and asked me to forward it on your behalf, which I did, to
the rest of the OWASP Board:


On Mon, Feb 17, 2014 at 7:53 PM, Josh Sokol <josh.sokol at owasp.org> wrote:

> Christian,
> As you had responded to other messages posted on the OWASP Board mailing
> list, I assumed you were reading what was posted there.  I made no attempts
> to hide this and there was quite the discussion following it.  Feel free to
> read it here:
> http://lists.owasp.org/pipermail/owasp-board/2014-February/013107.html
> I've mentioned the replacement text in our communications (probably not
> specifying the exact text as I wrongly made the assumption that you had
> already read it) so I'm surprised that you're surprised by it and that you
> didn't ask me for clarification on what I was talking about before this.
> For ease of access, the proposed replacement text is as follows:
> Recently, information has been brought to our attention which allows the current
> OWASP Board to revisit OWASP's position on the Google Hacking Inquiry
> that was undertaken in July of 2010.  The OWASP Code of Ethics <https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project#Code_of_Ethics>
>  states that we should not intentionally injure or impugn the
> professional reputation of colleagues and, upon consideration, we feel
> that perpetuating the inquiry results would do just that.  As such, we
> feel that it is in the best interests of the OWASP Foundation and all
> concerned parties to wipe the slate clean by removing the details of the
>  inquiry from our public records at this time.  We feel sincerely sorry
> for any damages that this inquiry may have caused to any of the parties
> involved.
> ~josh
> On Mon, Feb 17, 2014 at 7:17 PM, Christian Heinrich <
> christian.heinrich at cmlh.id.au> wrote:
>> Tobias,
>> My recollection from the conference call is the only item that Josh
>> and I discussed on the conference call was that Dinis Cruz included in
>> the "Synopsis" incorporated statements that were excluded at the
>> request of the GPC such as Dinis' use of "innovative" which has no
>> corresponding item to support this synopsis in the PDF.
>> We also briefly discussed how I sought reviewers for the OWASP Project
>> and that my request to independently seek confirmation of the
>> identities of the "unverified sources" making the complaint.
>> As far as I am aware Josh's "solution" (if I can call it that) is to
>> remove wiki page and PDF of the OWASP inquiry and not take any further
>> action in restoring my reputation, such as issuing a public apology
>> which I could present the OWASP members who accused me of exploiting
>> OWASP and are yet to read the PDF.
>> Josh has *not* brought to my attention or discussed his proposed
>> placeholder text to me. Therefore I am unaware of it's existence so I
>> assume this must be something he has sent to the OWASP Board Members
>> (directly to their e-mail addresses rather than on the owasp-board
>> mailing list) instead.
>> Can you please provide the "placeholder" text on Josh's behalf?
>> On Mon, Feb 17, 2014 at 10:20 PM, Tobias <tobias.gondrom at owasp.org>
>> wrote:
>> > just one personal question for my understanding:
>> > I was under the impression that you were not happy with the current
>> text of
>> > the Google Hacking Inquiry document
>> > (https://www.owasp.org/index.php/OWASP_Inquiries/Google_Hacking_Project
>> )
>> > being accessible on the OWASP web page. Have I misunderstood this?
>> >
>> > And considering that the proposed "placeholder text" has been sent by
>> Josh
>> > to this list before, would you in that case rather wish for OWASP to
>> keep
>> > the current document there as it is? Please let us know, so the board
>> can
>> > take your opinion into consideration when we decide on the document.
>> --
>> Regards,
>> Christian Heinrich
>> http://cmlh.id.au/contact
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20140217/262b9aaf/attachment.html>

More information about the Owasp-board mailing list