Hack Away?Hack Away?

Hackers should do their best to find software vulnerabilities--as long as they do it responsibly. That's the message White House computer-security adviser Richard Clarke gave attendees at last week's Black Hat com-puter-security conference in Las Vegas.

It's important for hackers to report flaws to the software companies first, then report to the government if the vendor doesn't respond properly, he said. It's "very disappointing" when companies press charges against hackers who act in good faith, Clarke said, adding that the government is considering legislation to protect those people.

Pete Lindstrom, director of security strategies at analyst firm Hurwitz Group, says the campaign for good-faith hacking is a mistake. "I don't really believe Clarke should be going there," he says. "Encouraging hacking is a horrible message for the cybersecurity czar to be getting out to mainstream."

The problem is that it's not easy to separate the good guys from the bad, Lindstrom says. "It's close to impossible to get a good sense of that without evaluating things on a case-by-case basis, and I'm not sure that's cost-effective."