<div class="gmail_quote"><p style="text-align:left;margin-top:0pt;margin-bottom:0pt" dir="ltr"><span style="font-family:Arial;font-size:16px;vertical-align:baseline">Dear board directors,</span></p><p style="text-align:left;margin-top:0pt;margin-bottom:0pt" dir="ltr">

<span style="font-family:Arial;font-size:16px;font-weight:bold;vertical-align:baseline"><br></span></p><p style="text-align:left;margin-top:0pt;margin-bottom:0pt" dir="ltr"><font face="Arial"><span style="font-size:15px">In light of a couple of unfortunate incidents, the Membership committee believe that we could protect the image of OWASP and its members by introducing formality and </span></font><span style="font-family:Arial;font-size:15px">transparency </span><font face="Arial"><span style="font-size:15px">to the membership revocation process. I have shared our proposal </span></font><span style="font-family:Arial;font-size:15px;text-align:center">with you and hope that you will discuss it at the board meeting tomorrow. </span></p>

<p style="text-align:left;margin-top:0pt;margin-bottom:0pt" dir="ltr"><span style="font-family:Arial;font-size:16px;font-weight:bold;vertical-align:baseline"><br></span></p><p style="text-align:center;margin-top:0pt;margin-bottom:0pt" dir="ltr">

<span style="font-family:Arial;font-size:16px;font-weight:bold;vertical-align:baseline">New Membership Revocation Page</span></p><span style="font-family:Arial;font-size:15px;font-weight:bold;vertical-align:baseline"></span><br>

<span style="font-family:Arial;font-size:15px;vertical-align:baseline"></span><br><span style="font-family:Arial;font-size:15px;font-weight:bold;vertical-align:baseline">What is the issue?</span><br><span style="font-family:Arial;font-size:15px;vertical-align:baseline"></span><br>

<span style="font-family:Arial;font-size:15px;vertical-align:baseline">A couple of recent events have signaled the need for a public and transparent membership revocation process.</span><br><span style="font-family:Arial;font-size:15px;vertical-align:baseline"></span><br>

<span style="font-family:Arial;font-size:15px;font-weight:bold;vertical-align:baseline">What has the GMC proposed?</span><br><span style="font-family:Arial;font-size:15px;font-weight:bold;vertical-align:baseline"></span><br><span style="font-family:Arial;font-size:15px;vertical-align:baseline">We have created a </span><a href="https://www.owasp.org/index.php/Membership_Revocation" target="_blank"><span style="color:rgb(17,85,204);font-family:Arial;font-size:15px;vertical-align:baseline">new Membership Revocation page.</span></a><span style="font-family:Arial;font-size:15px;vertical-align:baseline"> A link to the page has been put on the </span><span style="font-family:Arial;font-size:15px;font-style:italic;vertical-align:baseline">Code of Ethics</span><span style="font-family:Arial;font-size:15px;vertical-align:baseline"> portion of the </span><a href="https://www.owasp.org/index.php/About_The_Open_Web_Application_Security_Project#Code_of_Ethics" target="_blank"><span style="color:rgb(17,85,204);font-family:Arial;font-size:15px;vertical-align:baseline">About OWASP page</span></a><span style="font-family:Arial;font-size:15px;vertical-align:baseline">. Content of the revocation page is below. I have also included Christian Heinrich’s request to Review OWASP Appeal Proceedings on April 2, 2012.</span><div>

<font face="Arial"><span style="font-size:15px"><br></span></font></div><div><font face="Arial"><span style="font-size:15px">Due to the sensitivity of the issue, we don’t plan to send the proposal to other committees and OWASP leaders for review. We plan to lock this page together with several other important membership pages in the near future.</span></font><div>

<h1 dir="ltr"><span style="font-family:Arial;font-size:16px;vertical-align:baseline">Membership Revocation</span></h1><br>

<span style="font-family:Arial;font-size:15px;vertical-align:baseline">In situations where an individual has had their OWASP Membership revoked:</span><ul style="margin-top:0pt;margin-bottom:0pt"><li style="font-family:Arial;font-size:15px;vertical-align:baseline;list-style-type:disc">

<span style="vertical-align:baseline">A revoked member will no longer have the privilege to use a @<a href="http://OWASP.ORG" target="_blank">OWASP.ORG</a> email address for a period not less than 24 months.</span></li><li style="font-family:Arial;font-size:15px;vertical-align:baseline;list-style-type:disc">

<span style="vertical-align:baseline">A revoked member will no longer be allowed to qualify for its membership benefits such as discounts, OWASP on the move programs, grants issued by OWASP Foundation or vote for a period not less than 24 months.</span></li>

<li style="font-family:Arial;font-size:15px;vertical-align:baseline;list-style-type:disc"><span style="vertical-align:baseline">A revoked member will no longer be allowed to operate as a chapter leader</span></li><li style="font-family:Arial;font-size:15px;vertical-align:baseline;list-style-type:disc">

<span style="vertical-align:baseline">A revoked member will no longer be allowed to be an OWASP Project Leader</span></li><li style="font-family:Arial;font-size:15px;vertical-align:baseline;list-style-type:disc"><span style="vertical-align:baseline">A revoked member will no longer be allowed to access OWASP AppSec global conferences or regional events at no-charge</span></li>

<li style="font-family:Arial;font-size:15px;vertical-align:baseline;list-style-type:disc"><span style="vertical-align:baseline">A revoked member IS permitted to attend OWASP meetings as they are open and free by design.</span></li>

<li style="font-family:Arial;font-size:15px;vertical-align:baseline;list-style-type:disc"><span style="vertical-align:baseline">A revoked member IS permitted to utilize OWASP materials as they are under open source licenses and do not require membership in the organization to do so</span></li>

<li style="font-family:Arial;font-size:15px;vertical-align:baseline;list-style-type:disc"><span style="vertical-align:baseline">A revoked member will not be allowed to reapply for membership for a period not less than 24 months. The revoked member has the option to then reapply for membership with reinstatement pending approval by the board.</span></li>

<li style="font-family:Arial;font-size:15px;vertical-align:baseline;list-style-type:disc"><span style="vertical-align:baseline">A revoked member is disqualified from participating in OWASP CFPs and from speaking at a Global or regional AppSec conference as well as chapter meetings for a period not less than 24 months.</span></li>

<li style="font-family:Arial;font-size:15px;vertical-align:baseline;list-style-type:disc"><span style="vertical-align:baseline">A revoked member, upon inquiry to the OWASP Foundation concerning membership, will show as no longer a member.</span></li>

</ul><span style="font-family:Arial;font-size:15px;vertical-align:baseline"></span><br><a href="https://www.owasp.org/index.php/About_OWASP#Code_of_Ethics" target="_blank"><span style="color:rgb(17,85,204);font-family:Arial;font-size:15px;vertical-align:baseline">Code of Ethics</span></a><br>

<span style="font-family:Arial;font-size:15px;vertical-align:baseline">*******************************************************************************************************</span><br><span style="font-family:Arial;font-size:15px;font-weight:bold;vertical-align:baseline">Christian Heinrich’s request to Review OWASP Appeal Proceedings on April 2, 2012</span><br>

<span style="font-family:Arial;font-size:15px;vertical-align:baseline"></span><br><span style="color:rgb(34,34,34);font-family:Arial;font-size:15px;vertical-align:baseline">GMC,</span><br><span style="color:rgb(34,34,34);font-family:Arial;font-size:15px;vertical-align:baseline"></span><br>

<span style="color:rgb(34,34,34);font-family:Arial;font-size:15px;vertical-align:baseline">I wish to request that the Global Membership Committee review the</span><br><span style="color:rgb(34,34,34);font-family:Arial;font-size:15px;vertical-align:baseline">proceedings conducted by the OWASP Board in relation to the matter of</span><br>

<span style="color:rgb(34,34,34);font-family:Arial;font-size:15px;vertical-align:baseline">termination of my OWASP membership.</span><br><span style="color:rgb(34,34,34);font-family:Arial;font-size:15px;vertical-align:baseline"></span><br>

<span style="color:rgb(34,34,34);font-family:Arial;font-size:15px;vertical-align:baseline">As a term of reference,  I have attached the due process in handling</span><br><span style="color:rgb(34,34,34);font-family:Arial;font-size:15px;vertical-align:baseline">complaints of the Australian Information Security Association as</span><br>

<span style="color:rgb(34,34,34);font-family:Arial;font-size:15px;vertical-align:baseline">documented within their bylaws as an incorporated association in NSW</span><br><span style="color:rgb(34,34,34);font-family:Arial;font-size:15px;vertical-align:baseline">Australia.  I would welcome the OWASP Board to provide their</span><br>

<span style="color:rgb(34,34,34);font-family:Arial;font-size:15px;vertical-align:baseline">documentation of their corresponding process as part of the execution</span><br><span style="color:rgb(34,34,34);font-family:Arial;font-size:15px;vertical-align:baseline">of their duties as a 501(c)(3) not-for-profit charitable organization</span><br>

<span style="color:rgb(34,34,34);font-family:Arial;font-size:15px;vertical-align:baseline">in the United States?</span><br><span style="color:rgb(34,34,34);font-family:Arial;font-size:15px;vertical-align:baseline"></span><br>

<span style="color:rgb(34,34,34);font-family:Arial;font-size:15px;vertical-align:baseline">The following are considered in scope of this request:</span><br><span style="color:rgb(34,34,34);font-family:Arial;font-size:15px;vertical-align:baseline">1. The correspondence prior to the appeal call but no later than the</span><br>

<span style="color:rgb(34,34,34);font-family:Arial;font-size:15px;vertical-align:baseline">conclusion of the</span><br><a href="https://www.owasp.org/index.php/OWASP_Inquiries/Google_Hacking_Project" target="_blank"><span style="color:rgb(17,85,204);font-family:Arial;font-size:15px;vertical-align:baseline">https://www.owasp.org/index.php/OWASP_Inquiries/Google_Hacking_Project</span></a><span style="color:rgb(34,34,34);font-family:Arial;font-size:15px;vertical-align:baseline">,</span><br>

<span style="color:rgb(34,34,34);font-family:Arial;font-size:15px;vertical-align:baseline">unless referenced during the appeal proceeding</span><br><span style="color:rgb(34,34,34);font-family:Arial;font-size:15px;vertical-align:baseline">2. The conference call.</span><br>

<span style="color:rgb(34,34,34);font-family:Arial;font-size:15px;vertical-align:baseline">3. The correspondence after the conference call on the OWASP Leaders List.</span><br><span style="color:rgb(34,34,34);font-family:Arial;font-size:15px;vertical-align:baseline"></span><br>

<span style="color:rgb(34,34,34);font-family:Arial;font-size:15px;vertical-align:baseline">In the likely event that the GMC rescinds the OWASP Board action then</span><br><span style="color:rgb(34,34,34);font-family:Arial;font-size:15px;vertical-align:baseline">another request will be made to have the record of the</span><br>

<a href="https://www.owasp.org/index.php/OWASP_Inquiries/Google_Hacking_Project" target="_blank"><span style="color:rgb(17,85,204);font-family:Arial;font-size:15px;vertical-align:baseline">https://www.owasp.org/index.php/OWASP_Inquiries/Google_Hacking_Project</span></a><br>

<span style="color:rgb(34,34,34);font-family:Arial;font-size:15px;vertical-align:baseline">amended.</span><br><span style="color:rgb(34,34,34);font-family:Arial;font-size:15px;vertical-align:baseline"></span><br><span style="color:rgb(34,34,34);font-family:Arial;font-size:15px;vertical-align:baseline">Can the GMC please acknowledge this request?</span><br>

<span style="color:rgb(34,34,34);font-family:Arial;font-size:15px;vertical-align:baseline">--</span><br><span style="color:rgb(34,34,34);font-family:Arial;font-size:15px;vertical-align:baseline">Regards,</span><br><span style="color:rgb(34,34,34);font-family:Arial;font-size:15px;vertical-align:baseline">Christian Heinrich</span><br>

<span style="font-family:Arial;font-size:15px;vertical-align:baseline"></span><br><span style="font-family:Arial;font-size:15px;vertical-align:baseline">---------------------------------------------------------------------------</span><br>

<span style="font-family:Arial;font-size:15px;vertical-align:baseline"></span><br><span style="font-family:Arial;font-size:15px;font-weight:bold;vertical-align:baseline">Christian has attached </span><span style="color:rgb(34,34,34);font-family:Arial;font-size:15px;font-weight:bold;vertical-align:baseline">the due process in handling complaints of the Australian Information Security Association. See below.</span><br>

<span style="font-family:Arial;font-size:15px;font-weight:bold;vertical-align:baseline"></span><br><span style="font-family:Arial;font-size:15px;vertical-align:baseline">Version 1.0, December 2004</span><br><span style="font-family:Arial;font-size:15px;vertical-align:baseline">COMPLAINTS AGAINST MEMBERS</span><br>

<span style="font-family:Arial;font-size:15px;vertical-align:baseline">Preamble</span><br><span style="font-family:Arial;font-size:15px;vertical-align:baseline">This document describes the procedure to be for receiving complaints and should be</span><br>

<span style="font-family:Arial;font-size:15px;vertical-align:baseline">read in conjunction with the ISIG Rules. By publishing these procedures, ISIG does not</span><br><span style="font-family:Arial;font-size:15px;vertical-align:baseline">expect, invite, solicit, or encourage such complaints. The use of these procedures is for</span><br>

<span style="font-family:Arial;font-size:15px;vertical-align:baseline">the sole purpose of protecting the reputation of the profession. They are not intended to</span><br><span style="font-family:Arial;font-size:15px;vertical-align:baseline">be used to coerce or punish members.</span><br>

<span style="font-family:Arial;font-size:15px;vertical-align:baseline">Confidentiality</span><br><span style="font-family:Arial;font-size:15px;vertical-align:baseline">ISIG will undertake to keep the identity of the complainant and respondent in any</span><br>

<span style="font-family:Arial;font-size:15px;vertical-align:baseline">complaint confidential from the general public. While disclosure of the identity of the</span><br><span style="font-family:Arial;font-size:15px;vertical-align:baseline">complainant will be avoided where possible, upon filing a complaint, the complainant</span><br>

<span style="font-family:Arial;font-size:15px;vertical-align:baseline">implies consent to disclose his identity to the respondent, where the Executive</span><br><span style="font-family:Arial;font-size:15px;vertical-align:baseline">Committee deem it necessary for due process.</span><br>

<span style="font-family:Arial;font-size:15px;vertical-align:baseline">Actions of the Executive Committee may be published at its discretion. If the respondent</span><br><span style="font-family:Arial;font-size:15px;vertical-align:baseline">is expelled from ISIG, this may include publication of the respondent’s name and the</span><br>

<span style="font-family:Arial;font-size:15px;vertical-align:baseline">reason(s) for expulsion.</span><br><span style="font-family:Arial;font-size:15px;vertical-align:baseline">Parties are encouraged to maintain confidentiality and members are reminded of their</span><br>

<span style="font-family:Arial;font-size:15px;vertical-align:baseline">obligation to protect the profession.</span><br><span style="font-family:Arial;font-size:15px;vertical-align:baseline">Specificity of Complaints</span><br>

<span style="font-family:Arial;font-size:15px;vertical-align:baseline">The Executive Committee will only consider complaints as determined by the Rules and</span><br><span style="font-family:Arial;font-size:15px;vertical-align:baseline">in respect to a member who is alleged to have:</span><br>

<span style="font-family:Arial;font-size:15px;vertical-align:baseline">(a) persistently refused or neglected to comply with a provision or provisions of</span><br><span style="font-family:Arial;font-size:15px;vertical-align:baseline">the ISIG rules,</span><br>

<span style="font-family:Arial;font-size:15px;vertical-align:baseline">(b) persistently and wilfully acted in a manner prejudicial to the interests of ISIG,</span><br><span style="font-family:Arial;font-size:15px;vertical-align:baseline">or</span><br>

<span style="font-family:Arial;font-size:15px;vertical-align:baseline">(c) failed to comply with the provisions of the code of ethics.</span><br><span style="font-family:Arial;font-size:15px;vertical-align:baseline">Standing of Complainant</span><br>

<span style="font-family:Arial;font-size:15px;vertical-align:baseline">Complaints from non-members will be accepted only from those who claim to be injured</span><br><span style="font-family:Arial;font-size:15px;vertical-align:baseline">by the alleged behavior.</span><br>

<span style="font-family:Arial;font-size:15px;vertical-align:baseline">Form of Complaints</span><br><span style="font-family:Arial;font-size:15px;vertical-align:baseline">All complaints must be in writing. The Executive Committee is not an investigative body</span><br>

<span style="font-family:Arial;font-size:15px;vertical-align:baseline">and does not have investigative resources. Only information submitted in writing will be</span><br><span style="font-family:Arial;font-size:15px;vertical-align:baseline">considered.</span><br>

<span style="font-family:Arial;font-size:15px;vertical-align:baseline">Complaints and supporting evidence must be in the form of statutory declarations or</span><br><span style="font-family:Arial;font-size:15px;vertical-align:baseline">other documents with legal standing before the courts of Australia. The executive</span><br>

<span style="font-family:Arial;font-size:15px;vertical-align:baseline">committee will not consider other allegations.</span><br><span style="font-family:Arial;font-size:15px;vertical-align:baseline">Complaints should be sufficiently complete to enable the executive committee to reach</span><br>

<span style="font-family:Arial;font-size:15px;vertical-align:baseline">an appropriate resolution. At a minimum, the statutory declaration should specify the</span><br><span style="font-family:Arial;font-size:15px;vertical-align:baseline">respondent, the behavior complained of, the section of the rules or code of ethics</span><br>

<span style="font-family:Arial;font-size:15px;vertical-align:baseline">breached, the standing of the complainant, and any corroborating evidence.</span><br><span style="font-family:Arial;font-size:15px;vertical-align:baseline">The committee may, at its discretion, seek clarification of details or additional information</span><br>

<span style="font-family:Arial;font-size:15px;vertical-align:baseline">from the complainant related to the complaint.</span><br><span style="font-family:Arial;font-size:15px;vertical-align:baseline">N.B. The executive committee is not an investigative body and has no authority to</span><br>

<span style="font-family:Arial;font-size:15px;vertical-align:baseline">compel testimony. We can consider only evidence submitted to us voluntarily. There</span><br><span style="font-family:Arial;font-size:15px;vertical-align:baseline">may be many cases where this evidence is not sufficient to support any action. We can</span><br>

<span style="font-family:Arial;font-size:15px;vertical-align:baseline">proceed only where a prima facie case is made.</span><br><span style="font-family:Arial;font-size:15px;vertical-align:baseline">Where no such case is made, the board will close the complaint without prejudice to</span><br>

<span style="font-family:Arial;font-size:15px;vertical-align:baseline">either party.</span><br><span style="font-family:Arial;font-size:15px;vertical-align:baseline">Complaint Handling Procedures</span><br><span style="font-family:Arial;font-size:15px;vertical-align:baseline">Where a prima facie case has been made, the executive committee will review and proceed</span><br>

<span style="font-family:Arial;font-size:15px;vertical-align:baseline">with the handling of a complaint as specified within the ISIG Rules.</span><br><span style="font-family:Arial;font-size:15px;vertical-align:baseline">Rights of Respondents</span><br>

<span style="font-family:Arial;font-size:15px;vertical-align:baseline">Respondents to complaints are entitled to timely notification of complaints. It is the intent</span><br><span style="font-family:Arial;font-size:15px;vertical-align:baseline">of the executive committee to notify the respondent within fourteen days from receipt of</span><br>

<span style="font-family:Arial;font-size:15px;vertical-align:baseline">the complaint. The respondent is entitled to see all complaints, evidence, and other</span><br><span style="font-family:Arial;font-size:15px;vertical-align:baseline">documents.</span><br>

<span style="font-family:Arial;font-size:15px;vertical-align:baseline">The respondent will have fourteen days from accepting and acknowledging delivery to</span><br><span style="font-family:Arial;font-size:15px;vertical-align:baseline">submit information in defense, explanation, rebuttal, extenuation, or mitigation. As with</span><br>

<span style="font-family:Arial;font-size:15px;vertical-align:baseline">the complaint, in order to be considered this information must be in the form of a</span><br><span style="font-family:Arial;font-size:15px;vertical-align:baseline">statutory declaration. As in the law, silence implies consent. That is, to the extent that</span><br>

<span style="font-family:Arial;font-size:15px;vertical-align:baseline">the respondent is silent, the committee may assume that he or she does not dispute the</span><br><span style="font-family:Arial;font-size:15px;vertical-align:baseline">allegations. The committee may grant necessary extensions of time to the respondent</span><br>

<span style="font-family:Arial;font-size:15px;vertical-align:baseline">upon request.</span><br><span style="font-family:Arial;font-size:15px;vertical-align:baseline">Disagreement on the Facts</span><br><span style="font-family:Arial;font-size:15px;vertical-align:baseline">Where there is disagreement between the parties over the facts alleged, the executive</span><br>

<span style="font-family:Arial;font-size:15px;vertical-align:baseline">committee, at its sole discretion, may invite additional corroboration, exculpation,</span><br><span style="font-family:Arial;font-size:15px;vertical-align:baseline">rebuttals and sur-rebuttals in an attempt to resolve such dispute. The committee is not</span><br>

<span style="font-family:Arial;font-size:15px;vertical-align:baseline">under any obligation to make a finding where the facts remain in dispute between the</span><br><span style="font-family:Arial;font-size:15px;vertical-align:baseline">parties. Where the committee is not able to reach a conclusion on the facts, the benefit</span><br>

<span style="font-family:Arial;font-size:15px;vertical-align:baseline">of all doubt goes to the respondent. That is to say, where the respondent disputes the</span><br><span style="font-family:Arial;font-size:15px;vertical-align:baseline">facts alleged, then the burden of proof is on the complainant.</span><br>

<span style="font-family:Arial;font-size:15px;vertical-align:baseline">Note that any outcome of mediation or arbitration, or judgement of an Australian court</span><br><span style="font-family:Arial;font-size:15px;vertical-align:baseline">with reference to the complaint will be regarded as definitive.</span><br>

<span style="font-family:Arial;font-size:15px;vertical-align:baseline">Findings and Resolution</span><br><span style="font-family:Arial;font-size:15px;vertical-align:baseline">In reaching a resolution, the executive committee will prefer the most limited and</span><br>

<span style="font-family:Arial;font-size:15px;vertical-align:baseline">conservative action consistent with its findings and in accordance with the ISIG Rules.</span><br><span style="font-family:Arial;font-size:15px;vertical-align:baseline">Notification of Resolution and Right of Appeal</span><br>

<span style="font-family:Arial;font-size:15px;vertical-align:baseline">The secretary will notify the respondent of its resolution seven days prior to any action</span><br><span style="font-family:Arial;font-size:15px;vertical-align:baseline">as specified under section 13(4) of the ISIG Rules. Respondents may execute their right</span><br>

<span style="font-family:Arial;font-size:15px;vertical-align:baseline">to appeal within 7 days after notice is served in accordance with section 14 of the ISIG</span><br><span style="font-family:Arial;font-size:15px;vertical-align:baseline">Rules.</span><span class="HOEnZb"><font color="#888888"><br clear="all">

<div><br></div>-- <br>Helen Gao<br>
</font></span></div></div>
</div><br>