Anyone who’s worked in any field related to internet security for any length of time has used the term hacker, or had the term used on them. We don’t use this term in AlienVault documentation, and thanks to some questions from fellow wordgeeks outside the company, I wanted to talk about why that is.
One of the primary missions of technical documentation is to be absolutely clear and context-neutral. You can’t know what the technical, educational, or socio-political background of your readers is; if you’re lucky and you work with an awesome sales team with global reach, the people reading your documentation come from an incredibly diverse, global audience, so the language used in your docs should be impossible to misinterpret no matter who or where the reader is.
Back in the 13th century, a hacker was “a chopper, cutter," perhaps also "one who makes hacking tools." But by the time the term was used to refer to computers or technology generally, in 1975, it was already divergent, meaning both "one who works like a hack at writing and experimenting with software, one who enjoys computer programming for its own sake," and "plodding, routine work."
Any time you have to rely on a modifier to make it clear what you mean, and your choice is between diametric opposites, you’re dealing with a problematic and highly contextualized term. For an example of this, you don’t have to look any further than Charlie Miller and Chris Valasek, the security researchers (there’s one term) who in 2015 figured out how to remotely take control of a Jeep Cherokee through Uconnect, and then presented that information at the Black Hat conference (there’s another connotation) and made the code available on the internet. They’d worked with Chrysler in advance, of course, so people paying attention could protect themselves. Sorta. And therein lies so much ambiguity. For the people who were paying attention, Miller and Valasek were the good kinds of hackers who find vulnerabilities in advance of the bad kinds of hackers finding those same vulnerabilities and exploiting them. The cars are deemed “hackable” (that’s bad, other than when you want to customize those features, then that’s good.). Miller and Valasek are “hackers” according to the community (that’s good) but also “hackers” to Chrysler (that’s bad.)
See the problem there? What you say and how you say it is entirely a function of your contextual relationship to the code.
The term hacker is much like many other jargon terms that have fallen into pejorative use by the mainstream while still being claimed or re-claimed by those once denigrated by them…and all this ambiguity is not at all acceptable for inclusion in context-neutral documentation.
As much as I cringe at referencing Wikipedia as a reference, this article is spot-on.
As usage has spread more widely, the primary misunderstanding of newer users conflicts with the original primary emphasis. In popular usage and in the media, computer intruders or criminals is the exclusive meaning today, with associated pejorative connotations. (For example, "An Internet 'hacker' broke through state government security systems in March.") In the computing community, the primary meaning is a complimentary description for a particularly brilliant programmer or technical expert. (For example, "Linus Torvalds, the creator of Linux, is considered by some to be a hacker.") A large segment of the technical community insist the latter is the "correct" usage of the word.
We can't afford to have that kind of ambiguity in our documentation, and beyond that, we also cannot afford to use a term that’s loaded with connotations of inclusivity or exclusivity.
So here at AlienVault, we stick to precisely descriptive terms; we have malicious actors, we have security researchers, but unless we have the fortune to be talking about Linus himself, you’ll never see hackers in our documentation.