White hats believe in responsible disclosure: they tell the corporations about the exploit, not the general public, leaving the general public without the knowledge to defend themselves. That’s what they mean by responsible.

Responsible disclosure is irresponsible. If an exploit exists, people are already using it. Believing you are the first to discover an exploit is the height of arrogance. The NSA knows about it, malicious hackers in Russia know about it. Hostile governments know about it. Anonymous knows about it (example study).

The responsible way is to disclose the vulnerability as loudly and embarrassingly as possible. Let the corp feel the pain of their mistakes. If Adobe had cared about security, they would have fixed their Acrobat bugs before hijackers found them. If Oracle cared about security, they would have fixed their Java bugs.

Corps with unencrypted password databases deserve to die, loudly and embarrassingly. They are not responsible. Push them over a cliff. Tell users to shun them. Some knowingly ignore security.

When a startup fails because of vulns in their code, make them an example to the world. Responsible means catching your own flaws. Every startup with SQL injection vulns deserves to die, sued into the ground, because they are negligent. Over time, the world becomes a better place.

Edward Snowden cared about his country so he became a whistleblower. He tried to make the world better. He didn’t follow the law, he followed his heart. He’s a true and good Blackhat.

Gandhi and MLK didn’t follow the law, they did what was right. That’s what Blackhats do. PHBs say, Sell yours, get the payout. “White hats” don’t care, they worry about their jobs. Keep the money flowing, the spice must flow. If software were secure, white hats wouldn’t have jobs.


Good is better than legal

Good is better than kind

Secure better than insecure

Black hats are better than white

Money don’t matter, it’s all about life!

Security researcher and Software Person