Taking a chance on hackers
Hiring hackers may be the right thing to do -- with proper supervision
Follow @infoworldPolitician Henry L. Stimson once said, "The chief lesson I have learned in a long life is that the only way you can make a man trustworthy is to trust him; and the surest way to make him untrustworthy is to distrust him and show your distrust."
This quotation came to mind a couple of weeks ago when I read that the author of the Sasser worm had been hired to work as a security programmer by a German outfit.
Now that the hand-wringing has subsided, think about it rationally: What else is Sven Jaschan qualified to do for a living?
If everyone who's ever misused a computer in a felony-grade rap is blackballed from working in the field, the best opportunity possible for rehabilitating these people is lost.
Some people may put words in my mouth and imply that I believe computer-related crimes deserve nothing more than a slap on the wrist. They couldn't be more wrong. Use of a computer to defraud should be treated as sternly as any white-collar crime.
Well, maybe that's not the best example.
What Jaschan did was well-intentioned, but it was also dumb and destructive. If one changes a few of the details, it feels just like 1988, when Robert T. Morris unleashed the first sendmail worm. Morris certainly meant no harm, and Jaschan was actually trying to remedy the effects of two other viruses current at the time.
Motive is always a mitigating factor; it's a matter of context. But more importantly, it's about simple humanity. I've had to ask for forgiveness before, and I'll have to do it again; who among us will never be in that boat? Anyone? Bueller?
Under proper supervision, the kid could contribute a great deal to the never-ending task of hardening the Internet. I applaud his new employers -- German firewall developers Securepoint -- for taking a risk, and even if some of their motivation was to get a little free ink, it's still a noble gesture. Now all Jaschan has to do is stay out of trouble. For his sake, I hope he can because I don't like to give third tries or, as the saying goes, "Fool me once, shame on you; fool me twice, shame on me."
There's another good reason for making sure Jaschan and people like him can earn as much money as they can -- how better can they make restitution to the people they hurt? Flipping burgers isn't going to cover the bill, after all.
This isn't about rewarding people like Sven Jaschan, as some have claimed. It's about giving them the chance to atone for their deeds, to make their victims whole, and to redeem their good names. I imagine anyone reading this column would appreciate an opportunity to do the same, in similar circumstances.
