White Hat Hacking -- role of, place of
Should white hat hacking be part of every development cycle, i.e., over here, we are building this new navigation system, and at x point we stop and go to the people who can break it and ask them to do so? And we continually have people who build, and people who try to break, even after rollout.
If breaking it is considered the opposite number to building it, then it's part of the development and support cycle, and white hat, per se, doesn't exist anymore.
>> At the heart of the issue is this idea that we accept white hat hacking.
When people meddle in stuff without being paid or invited to do so, then make a reputation and eventually a business from it, it seems like things are running backwards. It's like telling someone he or she can break into your house, steal your jewelry and, as long as the person gives it back and explains how it was done, you'll pay for the knowledge. In that setting it is called a ransom. In cyber-security it's seen as normal.