Abstract
The state of security on the Internet is bad and becoming worse. One reaction to this state of affairs is a behavior termed "Ethical Hacking" which attempts to proactively increase security protection by identifying and patching known security vulnerabilities on systems owned by other parties. Ethical hackers may beta test unreleased software, stress test released software, and scan networks of computers for vulnerabilities. Previous work has emphasized ethical hacking as an altruistic behavior but we find ethical hackers act rationally, in self-interest, to secure systems that are within their own community (sometimes for pay)-networked systems are only as secure as the weakest system within perimeter defenses.
