Phil Muncaster, InfoSecurity Magazine, May 4, 2020
The UK’s National Cyber Security Centre (NCSC) has updated some of the terminology on its website in a bid to “stamp out racism” in the industry.
The GCHQ body’s head of advice and guidance, Emma W, revealed in a blog post that the decision was made after being contacted by a customer, who was concerned over the continued use of the words “blacklist” and “whitelist.”
The terms are commonly used in cybersecurity to denote elements such as applications, passwords or domain names that are either allowed (whitelist) or blocked (blacklist).
“However, there’s an issue with the terminology. It only makes sense if you equate white with ‘good, permitted, safe’ and black with ‘bad, dangerous, forbidden’. There are some obvious problems with this,” she explained.
“So in the name of helping to stamp out racism in cybersecurity, we will avoid this casually pejorative wording on our website in the future. No, it’s not the biggest issue in the world — but to borrow a slogan from elsewhere: every little helps.”
The NCSC is now using “allow list” and “deny list” on its website, and says the new terminology is also clearer and less ambiguous for readers.
“You may not see why this matters. If you’re not adversely affected by racial stereotyping yourself, then please count yourself lucky. For some of your colleagues (and potential future colleagues), this really is a change worth making,” concluded Emma W.
“Finally, a word from the NCSC’s technical director Ian Levy (supported by the full NCSC management board): ‘If you’re thinking about getting in touch saying this is political correctness gone mad, don’t bother.’”