We are reclaiming the term hacker. HackerOne has always used the Massachusetts Institute of Technology’s definition of a hacker, “one who enjoys the intellectual challenge of creatively overcoming limitations”. But some still find the term to be synonymous with cybercrime. We are not alone in our belief that the definition must be updated.
Earlier this month at Infosecurity Europe, we surveyed 261 IT professionals in attendance, which revealed that the overwhelming majority (70%) believe the Cambridge Dictionary should remove the word ‘illegally’ from its definition of “hacker,” while 7% simply weren’t sure.
The Cambridge Dictionary currently describes a hacker as "a person who is skilled in the use of computer systems, often one who illegally obtains access to private computer systems".
We propose removing “illegal” for starters. Hackers play an essential role in keeping the internet safe by leveraging their creativity and intelligence to find complex security flaws often missed by traditional methods. There are more people hacking for good than ever before.
There are far more ethical hackers in the world than criminal hackers, and they are rallying behind organizations that welcome their contributions to cybersecurity. We know from our 2018 Hacker Report that hackers are motivated by the opportunity to learn, with “to be challenged” and “to have fun” tied for second.
We also asked InfoSecurity attendees about how they are receiving vulnerability reports from hackers to date. Reassuringly, 51% of IT professionals at Infosecurity Europe said their organization already has a defined process for hackers to report vulnerabilities, while 63% of respondents said their organization would respond to a vulnerability report that came in from an external researcher or hacker. But we need to get better as an industry. Respondents are still neglecting to protect their customers from unknown vulnerabilities with help from the hacker community with 21% saying they would not respond and 16% were unsure what they would do.
Getting the vulnerability report into the right hands is the first step in resolution. InfoSecurity attendees also revealed that 43% of organizations struggle to apply security updates to resolve all the vulnerabilities that are being found today.
The world of cybersecurity is evolving. With it, so should the definition of such key contributors, hackers. There is no such thing as 100% security, but together we can work towards the goal of getting as close to that as possible. Together, we hit harder!