By Catalin Cimpanu for Zero Day | July 4, 2020MORE COMMENTS: https://www.zdnet.com/article/infosec-community-disagrees-with-changing-black-hat-term-due-to-racial-stereotyping/
The information security (infosec) community has angrily reacted today to calls to abandon the use of the 'black hat' and 'white hat' terms, citing that the two, and especially 'black hat,' have nothing to do with racial stereotyping.
Discussions about the topic started late last night after David Kleidermacher, VP of Engineering at Google, and in charge of Android Security and the Google Play Store, withdrew from a scheduled talk he was set to give in August at the Black Hat USA 2020 security conference.
In his withdrawal announcement, Kleidermacher asked the infosec industry to consider replacing terms like black hat, white hat, and man-in-the-middle with neutral alternatives.
These changes remove harmful associations, promote inclusion, and help us break down walls of unconscious bias. Not everyone agrees which terms to change, but I feel strongly our language needs to (this one in particular).
— David Kleidermacher (@DaveKSecure) July 3, 2020
While Kleidermacher only asked the industry to consider changing these terms, several members mistook his statement as a direct request to the Black Hat conference to change its name.
With Black Hat being the biggest event in cyber-security, online discussions on the topic quickly became widespread among cyber-security experts, dominating the July 4th weekend.
While a part of the infosec community agreed with Kledermacher, the vast majority did not, and called it virtue signaling taken to the extreme.
Most security researchers pointed to the fact that the terms had nothing to do with racism or skin color, and had their origins in classic western movies, where the villain usually wore a black hat, while the good guy wore a white hat.
Others pointed to the dualism between black and white as representing evil and good, concepts that have been around since the dawn of civilizations, long before racial divides even existed between humans.
Right now, the infosec community doesn't seem to be willing to abandon the two terms, which they don't see as a problem when used in infosec-related writings.