A white hat (or a white-hat hacker, a whitehat) is an ethical security hacker. With the owner's consent, white-hat hackers deliberately hack software or systems with the aim of identifying any vulnerabilities or security issues they have, helping to harden them against black-hat hackers.

The white hat is contrasted with the black hat, a malicious hacker; this definitional dichotomy comes from Western films, where heroic and antagonistic cowboys might traditionally wear a white and a black hat, respectively. There is a third kind of hacker known as a grey hat who hacks with good intentions but at times without permission or proper consent.

White-hat hackers may also work in teams called "sneakers", hacker clubs, red teams, or tiger teams.

History of term

The modern contrast between white hat and black hat derives from the convention in Western films in which heroic characters were associated with white hats and villains with black hats. By the mid-1960s, white hat was being used more generally in American English to mean a person perceived as one of the "good guys" or as being on the side of right.

Employment

Interviews of staff in the UK in 2011 suggest that ethical hackers working for companies have skills around social engineering, mobile tech, and social networking.

In professional employment, the work of white-hat hackers substantially overlaps with penetration testing and ethical security testing. The ethical hacker most closely covers the role of a penetration tester, simulating the attacks used by malicious hackers in order to understand how systems can be defended.

White-hat roles may be filled by in-house staff or by third-party specialists contracted to test an organisation's security.

Tools

A wide variety of security assessment tools is available to assist with penetration testing, including free-of-charge tools, free software, and commercial software.

Legality

Belgium

Belgium legalized white hat hacking in February 2023.

China

In July 2021, the Chinese government moved from a system of voluntary reporting to one of legally mandating that all white hat hackers first report any vulnerabilities to the government before taking any further steps to address the vulnerability or make it known to the public. Commentators described the change as creating a "dual purpose" in which white hat activity also serves the country's intelligence agencies.

Notable people

  • Jim Browning, alias of a Northern Ireland white hat hacker, scam baiter, and journalist, with investigations published on YouTube and on BBC programmes such as Panorama and Scam Interceptors
  • Charlie Miller, an American white hat hacker previously employed by the National Security Agency and Uber who has, amongst other exploits, published, along with Chris Valasek, successful hacks into the vulnerabilities of the computer on a 2014 Jeep Cherokee, being able to take control of acceleration, braking, and steering
  • Jennifer Arcuri, an American technology entrepreneur who founded the white hat consultancy Hacker House in 2016

See also

  • Bug bounty program
  • IT risk
  • Locksmith
  • MalwareMustDie
