It’s one of the certainties in life: when summer approaches and the large hacking conferences such as Black Hat and DEF CON are upon us, the security media starts spinning its wheels. These are the moments when the ‘celebrities’ of our field have their red carpet premiere – what kind of fascinating new research will they show? This research is of course often about some form of hacking – and that’s exactly the point I want to address. What is the point of proving something is broken? Are we over-valuing these “stunt hacks”? And would the industry as a whole not be better off if we focused a bit less on breaking things, freeing up some of our time for building and improving?

Breaking for a cause

To start with the first: of course there is a point in proven something is broken - you could say most of our industry is working on the premise that if you don’t find a bug yourself, someone...