Ethical ‘White Hat’ Hackers Play Vital Security Role

Known as "white hats," ethical hackers are the indispensable ground troops in the back-and-forth battle to make the Internet safer.

White hats devote countless hours and intense brain power to discovering security holes in popular apps and platforms. By flushing these bugs out into public light, they compel the good guys to fix the flaws before the bad guys can discover them and take advantage.

Microsoft and Facebook last week announced they will begin paying bounties to ethical hackers for discovering vulnerabilities, not just in their own products, but in software systems that make up the Internet infrastructure, as well.

This quiet endorsement is a huge step forward. "A lot of hidden bugs survive in very important code," says Dan Kaminsky, co-founder and chief scientist at fraud-prevention company White Ops. Incentivizing white hats to scrutinize infrastructure code "is a game changer for protecting users," he says.

White hats have steadily gained mainstream acceptance. Google and Facebook have spent millions paying hackers "bug bounties" to point out fresh flaws, known as zero-day vulnerabilities, in their respective products. Even Microsoft, long opposed to paying bounties, began paying them earlier this year.

Now Microsoft and Facebook will support a panel of experts assigned to issue awards of $5,000 or even more to hackers who flush out serious vulnerabilities in development tools and Web server operating systems that make up the Internet.

That move follows an extraordinary development that highlights the independent, altruistic mindset of the hacking community.

It unfolded after Khalil Shreateh, a self-taught coder from a Palestinian village, discovered a major Facebook security flaw that enables anyone to post anything on anyone else's wall.

Facebook's security team disputed his findings. So Shreateh posted a notice on Facebook CEO Mark Zuckerberg's wall to validate his find. Still, the company refused to pay him.

"I felt frustrated to find a big...
