nCircle.com >> 360 Security

« RSA Next Week | Main | SCADAGard SIG To Be Established »

The fight over the word "hacker"...

I just finished reading Michael Bauer's new post on the O'Reilly Network entitled "Fear and Loathing in Information Security". And I found myself shaking my head.

As long as I've been in information security, I've listened to people in the community complain about the misappropriation of the word "hacker" by the mainstream to mean "criminal". We tried to get them to call the criminals "crackers". We whined. We complained. We protested. We like the word and we wanted everyone else to like it too.

But it's 2005. And Mr. Bauer is just plain wrong.

To put it very simply: there are two very distinct understandings of the word "hacker". One of those is understood by our peers in the infosec and software community - it's a compliment about the way someone approaches ingenious problems. If someone in that community calls me a hacker, I take it as a compliment.

The other meaning of "hacker" is the one understood in the mainstream - my mom's (and probably your mom's) definition of the word. In that world, a hacker is a person who breaks into things. The public doesn't view "hacker" as a term implying skill - only a term implying a pest who breaks into their computers and steals their information. And, the people talked about in the speech he was quoting were exactly those types of peopele - we'd call them script kiddies or some equally derogatory term. And my mom (and probably your mom) would call them "hackers".

That isn't going to change. It's time to get over it.

We can feel free to use the word as we see fit amongst ourselves - it's jargon for our community. However, the rest of the world won't ever change to use the word that way.

And we can revel in that fact - we have a word that the rest of the world doesn't need to understand. It's something that means a different thing to our peers than to outsiders of our little club. It differentiates the person who got their CISSP as a checkbox on their resume and studied only from "CISSPs for Dummies" from the person who got it because they felt like reading the Rainbow series and academic papers on crypto and decided that it was a convenient reason to do so.

We also have to learn to use the word in appropriate senses at the appropriate time. Or when to use it and when not to.

Of course, Mr. Bauer doesn't need to address these issues - he's writing on the O'Reilly Network. They understand that meaning of the word.

One can be incredibly self-righteous when he knows that he's preaching to the choir.

Posted on February 12, 2005 5:35 PM |

Search


About

This page contains a single entry from the blog posted on February 12, 2005 5:35 PM.

The previous post in this blog was RSA Next Week.

The next post in this blog is SCADAGard SIG To Be Established.

Many more can be found on the main index page or by looking through the archives.

Subscribe to this blog's feed
[What is this?]