white hat

A white hat hacker is a computer security specialist who breaks into protected systems and networks to test and assess their security. Unlike malicious hackers, white hats operate with the owner's permission and aim to identify vulnerabilities so they can be fixed. The term originates from the visual language of early American Western films, where the heroic cowboy was often depicted wearing a white hat to distinguish them from the villain, who typically wore a black hat.

Within the cybersecurity industry, the term has long been accepted as a standard classification to distinguish intent, alongside "black hat" (malicious) and "grey hat" (ambiguous). Many practitioners view the term purely as a cinematic reference without racial connotations. However, in recent years, there has been a push within the tech industry to deprecate language that relies on "black/white" dualism (where white is good and black is bad). Proponents of this change argue that such metaphors, regardless of their cowboy origins, reinforce systemic associations between whiteness and positivity and blackness and negativity. As a result, some organizations and style guides now prefer functional descriptions over color-based metaphors.

Example:
"The company hired a white hat hacker to find bugs in their new app before it launched."

Example:
"She transitioned from being a white hat researcher to a Chief Information Security Officer."