Hackers out to expose security flaw cover-ups
By Erna Mahyuni
Ethical hackers – a term that seems like an oxymoron of sorts. A self-styled group of them have a mission to work against those who would seek to hide security flaws with spin.
IDG’s Jeremy Kirk reported the news, which was announced at last week’s Black Hat conference in Amsterdam. The group calls itself GNU Citizen – blogging researchers who have blown the whistle on various software vulnerabilities.
GNU Citizen aims to counter those who would hide vulnerability information to protect their business interests, a process called “black public relations”. Member Petko D. Petkov claims that companies have spent, and continue to spend, a lot of money on these “black PR” crisis management teams that try to keep a lid on situations so as not to alarm their customers.
Petkov calls black PR a bit of a black art, involving pressuring people, manipulating the media and other methods of keeping customer worries low.
GNU Citizen has a policy of responsible disclosure, contacting companies that have problems with their software and allowing them time to fix the bugs before the flaws are made public. Yet publishing the flaws leads to the group being blamed for subsequent attacks.
Petkov claimed that some companies resort to hushing up the flaws because fixing them would be too costly. “Most of the companies, they just don’t fix them [software problems],” Petkov said. “They build a big black PR group to counter stories.”
Security firms might call GNU Citizen no better than vigilantes, while some would call them guardians of consumer protection. But the ethical hacker movement isn’t going away anytime soon, if GNU Citizen has any say in it.
