The following introduction was originally published in the BCS Information Security Now Magazine, Spring 2011 issue (Volume 5, Issue 3), which was on the topic of Ethical Hacking:
“There has been debate and disagreement as to whether the term ethical hacking is correct and appropriate. Adding ethical as a prefix to a word that has the baggage of hacking does not placate those that subscribe to a belief that hacking is solely unlawful (forgetting the history and alternate uses of the word). For myself, I have more of an issue with ethical, as criminals may have a stronger ethical position than some professionals, demonstrated in some recent leaks. Ultimately it’s down to authorisation and scope, not terminology.
As seen from numerous recent large-scale intrusions, seemingly backed by state-sponsors, spammers and fraudsters, failure to test adequately can be a factor. Only once you start with a known secure system or service can you look to keep it that way.
It’s mine, I can do what I want
Restrictive laws can give those that wish to tinker and open up closed and proprietary systems a significant legal headache, even when only trying to restore a feature removed by the manufacturer. Copyright (monopoly rights) was originally conceived as a protection against duplication. Once you’ve bought, say, a games console, why should rights of fair use to modify or adapt be so limited?
There is a lot of discussion around what responsible disclosure entails, and not everyone agrees (even on the name), but on the whole it is reporting the finding in a responsible way, usually to the site or vendor, and providing sufficient time to develop, test and deploy a fix before announcing it to the world.”
A PDF version of the magazine is available online at: