
At what point do white hat hackers cross the ethical line?

Ondrej Krehel and Darin Andersen of Cyberunited Lifars | Aug. 17, 2015
If the intention is pure, does that make it ok?

If the assessment was performed by an individual with a disregard for safety like Roberts on that plane, it might translate into a major threat to the population. The same applies to a plethora of other scenarios, where an overly-eager security professional might forget (or ignore) certain precautions in search of flaws in the system they are testing.

Organizations such as Google, Facebook, Microsoft, and others offer reward programs for white hat hackers who discover vulnerabilities. In fact, Google has recently announced a new program for public discovery of Android vulnerabilities, offering successful white hat hackers up to $40,000 for submitting a high-quality, reproducible bug in the system.

These companies are prepared for public penetration testing and presumably have a plan in place in case an accident happens and part of the system malfunctions. Or they are simply willing to take the risk and reap the benefits of crowdsourcing. For most organizations, however, this is not a viable model, and white hat hackers need to acknowledge and respect that. Not just because it is typically illegal, but because it's unethical and can put people's lives at risk.

