A report from the Rand Corporation ..
"A report from the Rand Corporation suggests"
Who paid for this 'report'?
A report from the Rand Corporation suggests the increasing market for software vulnerabilities that can be sold legitimately is tempting the most 1337 hackers and crackers to go legit, rather than suffer the vagaries of the black market in code and credentials. "There's an economic seesaw in the market," Michael Callahan, VP of …
"a legitimate source of income"
If you consider it's legitimate to sell to the US government so they can plant malware on millions of computers to help them spy on the whole world.
Planting malware on computers in foreign countries is still a crime in those countries, even if the US government has said it's OK.
Ethics doesn't come into it if you want the job done. It also depends on your business: if you're a veal and foie gras farmer, the whitehat with morals might turn against you if your methods aren't to his taste. See Mr Snowden, I'm sure he didn't intend to blow the whistle when he first signed up for his job.
You can always trust a thief to be a thief. Makes it easier to handle the risk in my opinion. If I know what someone has been up to, it's easier to weigh up the risk than if I had someone that hasn't been naughty that could be. The black hat will know he is under scrutiny whereas the white hat knows he has implicit trust. Who is the most dangerous?
Simply apply logic to similar circumstances to see if you're being a retard. Would you intrinsically trust software from a company simply because they have no history of skullduggery? No, of course not. No history doesn't mean no potential for badness.
Lastly, I don't know a single blackhat that became a blackhat as a career choice. They're people with families to feed like anyone else and they ended up blackhat because it puts food on the table. Historically the only way if you possess a specific skillset.
Blackhats, as in any industry, are a product of circumstance. If the carrot is bigger on one side of the fence, wouldn't you be tempted?
Blackhat vs Whitehat is just another form of discrimination businesses use for lazy human resourcing. Why bother with detailed interviews and background checks when you can just vaguely profile people? Am I right, HR managers?