The Latest in IT Security

Hackers would never be hired by security vendors….right?

04 Nov 2011

In a recent BBC article, reputable security firm McAfee is quoted: “I’ve never hired computer hackers but that’s not to say I would never do that,” says Raj Samani, chief technical officer of McAfee Europe.

Wow, I thought. Really?

OK, I admit, hacker is one of those terms whose definition has blurred in the last decade.

It used to be generally accepted as a term for someone who broke into websites or databases, either to look around, change stuff, steal stuff, infect stuff, etc.

Today, its meaning is much broader, but you can generally divide hacker types into three groups. You have bad-ass hackers, referred to as black hats, and the good guys, like penetration testers, called white hats.

And don’t assume for a moment that there is not a Venn diagram of sorts, with a big fat grey hat area.

The hackers here don’t really sit firmly in either camp. Grey hats will typically break into a system, and alert the company to a specific vulnerability that they exploited. But grey hats often go public about the details of the vulnerability, and many argue that this tells black hats how to break in and cause havoc.

The question is: should security companies that create and push out software to customers open their doors to people known to have dabbled in grey and black-hat hacking?

Customers build a relationship based on trust with security vendors. After all, customers who buy security solutions like anti-virus or anti-spam grant security companies access to update computers and devices.

In the same way that I want my bank to vet really closely who they hire, I want my security vendors to be really careful and only put the smartest, most trustworthy and most deserving of experts in the pit to help protect me from all the nasty malware out there.

And on a personal level, I hate the idea that people dabble with black hacking, knowing they will be hired at the end of it by a reputable security vendor. It seems just wrong.

What do you think?


