Greyhat - History

History

The term grey hat was coined by a hacker group called L0pht in 1998. The group references it in an interview with the NY Times from 1999 describing their "gray-hat" behavior. The earliest known use of the term grey hat in the context of computer security literature may be traced back to 2001. The phrase was used to describe hackers who support the ethical reporting of vulnerabilities directly to the software vendor. This was contrasted with the full disclosure practices that were prevalent in the white hat community at the time and with the principles of the black hat, whereby no one should be made aware of security holes.

In 2002, however, the Anti-Sec community published a use of the term to refer to people who work in the security industry by day but engage in black hat activities by night. The irony was that black hats saw this interpretation as a derogatory term, whereas among white hats it was a term that lent a sense of popular notoriety.

Following the rise and eventual decline of the full disclosure vs. anti-sec "golden era"—and the subsequent growth of an "ethical hacking" philosophy—the term grey hat began to take on all sorts of diverse meanings. The prosecution in the U.S. of Dmitry Sklyarov for activities which were legal in his home country changed the attitudes of many security researchers. As the Internet became used for more critical functions, and concerns about terrorism grew, the term white hat started referring to corporate security experts who did not support full disclosure.

Nevertheless, in 2004, Harris et al. published a book on grey hat methodologies. This built upon the idea that black hats have malicious intentions and do not disclose their secrets, whereas white hats always engage in public full disclosure, freely publicising security flaws in the hope that they will be fixed. The authors held that grey hats fall somewhere in between, in that they derive income from notifying the vendor of what needs to be fixed after they have penetrated a system.

In 2006, the term was used to describe freelance hackers who browse the Internet in search of security holes and then seek to charge the host a fee for fixing the issue.

In 2008, the EFF defined grey hats as ethical security researchers who inadvertently or arguably violate the law in an effort to research and improve security. They advocate for computer offense laws that are clearer and more narrowly drawn.
