New "inclusive" terminology on CompTIA exams
I just attended a CompTIA Instructor Network webinar on the new Security+ exam officially released this month. One thing that caught my attention was a slide illustrating changes that CompTIA has made in the terminology on all of its exams to remove words that can be perceived in a racist or sexist context. Although these terms are by no means standard (NIST, etc.), it is important to learn and recognize these new terms when studying for any CompTIA exam going forward.
CompTIA's Inclusive Language
Deprecated Terminology = Updated Terminology
White Hat = Authorized Hacker
Black Hat = Unauthorized Hacker
Gray Hat = Semi-authorized Hacker
Whitelist = Allow list/Approved list
Blacklist = Block list/Deny list
White box = Known environments
Black box = Unknown environments
Grey box = Partially known environments
Mantrap = Access Control Vestibule
Demilitarized Zone (DMZ) = Screened subnet
Man-in-the-Middle/Man-in-the-Browser = On-path Attack
Comments
-
cyberguypr Mod Posts: 6,928 Mod
Very nice. My company just went through the exercise of getting rid of the whitelist/blacklist, master/slave terminology.
-
JDMurray Admin Posts: 13,090 Admin
I don't agree with their remapping of "Gray Hat." The "hats" have more to do with ethics than specifically authorization. I would have also remapped "Man-in-the-Middle/Man-in-the-Browser" to "Mid-point attack." An MitM attack can also be off-the-path but still in the middle, such as when using a tap or mirror port.
-
balance Member Posts: 244 ■■■■■□□□□□
Believe it or not, around a month ago, I had a student (soldier) tell me during a Security+ boot camp that “I was not allowed to use the term cracker or black hat”. So, this inclusive terminology is creeping in quickly.
-
JDMurray Admin Posts: 13,090 Admin
"cracker" This term has not had a racial context since the 1970's and was heard mostly on TV shows like "Sanford and Son."
-
tedjames Member Posts: 1,182 ■■■■■■■■□□
JDMurray said:
"cracker" This term has not had a racial context since the 1970's and was heard mostly on TV shows like "Sanford and Son."
Hey, I'm proud to be a cracker! I guess that the Black Hat security conference will have to change its name to the Unauthorized Hacker security conference (UnHack for short). Anybody going to UnHack 2021?
-
balance Member Posts: 244 ■■■■■□□□□□
Yea, I told the student that Amazon was in a world of hurt because they have an entire category of food labeled "Crackers"
-
cyberguypr Mod Posts: 6,928 Mod
balance said:
Yea, I told the student that Amazon was in a world of hurt because they have an entire category of food labeled "Crackers"
-
SteveLavoie Member Posts: 1,133 ■■■■■■■■■□
Warning, rant following... Maybe it is because I am a mid-40 white hetero man (and identifying as a man) from Canada (a country where social context is better than USA), but I find it a bit ridiculous, all those terminology changes just to not offend people (be it by race or sex gender/orientation). It's not because the word changes that the wrongs are corrected. Black is a valid color (as in color, not as in race). Master and slave hard drive does not imply human slavery. I think it is a way that Orwell's Newspeak is beginning to be implanted. I don't deny that society needs to correct things, that bad situation does not exist, but changing technology terms won't change or do anything to change social inequality. End of rant
-
malachi1612 Member Posts: 430 ■■■■□□□□□□
Knew this would happen
Certifications: MCSE: Cloud Platform and Infrastructure, MCSA: Windows Server 2016, ITIL Foundation, MCSA: Windows 10, MCP, Azure Fundamentals, Security+.
-
bigdogz Member Posts: 881 ■■■■■■■■□□
Without you getting into any trouble, what are your thoughts on this subject?
IMHO... I think the list may change which would cause more confusion.
-
JDMurray Admin Posts: 13,090 Admin
I think this is purely a marketing move. CompTIA has decided to "virtue-signal" by creating its own non-industry-standard terminology. CompTIA's leaders may think that they are helping to spearhead a formal change in IT industry terminology that is necessary to enact beneficial social change. Changing a few terms will do little to change how people think and act. I also think the greater demand to effect superficial social changes is only temporary and will lose significant momentum after next week--especially if there is a change in office.
-
bigdogz Member Posts: 881 ■■■■■■■■□□
I would tend to agree with you with the exception of these changes being temporary unless they change for the sake of change.
-
malachi1612 Member Posts: 430 ■■■■□□□□□□
It's change for the sake of change. I bet this was something they only thought about to implement a few weeks ago. Just leave it how it was, no one was complaining about the terminology.
Certifications: MCSE: Cloud Platform and Infrastructure, MCSA: Windows Server 2016, ITIL Foundation, MCSA: Windows 10, MCP, Azure Fundamentals, Security+.
-
thomas_ Member Posts: 1,012 ■■■■■■■■□□
How is DMZ a racist or sexist term? It’s a military term applied to IT.
The only way I can possibly think they’re related is if you think the military is inherently racist and sexist which at that point aren’t you being a bigot by applying a label to entire groups of people?
-
scaredoftests Mod Posts: 2,780 Mod
I know..a head scratcher..
Never let your fear decide your fate....
-
JDMurray Admin Posts: 13,090 Admin
Consider the possibility that CompTIA is not reacting to any specific external stimuli but is instead having its policies influenced by a group of social justice warriors that are internal to their org. This very situation has become apparent at publishing organizations such as The New York Times, The Washington Post, Spotify, and even the Merriam-Webster online dictionary.
-
thomas_ Member Posts: 1,012 ■■■■■■■■□□
Here are some terms they missed. I’m sure they’ll get them on the next pass:
-motherboard: not inclusive to fathers, women without children and men without children.
-male/female connector: not inclusive because it’s forcing stereotypical gender norms on people who may not identify with said norms.
-server farm: clearly the word “farm” is a euphemism for plantation and its use is a microaggression towards people of color in Information Technology
/sarcasm
-
tedjames Member Posts: 1,182 ■■■■■■■■□□
For a while there on InfoSec Twitter, especially after certain "police-related" events, several people were discussing the need to rename some of the above words in an attempt to be more politically correct.
-
E Double U Member Posts: 2,233 ■■■■■■■■■■
This is one of my favorite threads
Alphabet soup from (ISC)2, ISACA, GIAC, EC-Council, Microsoft, ITIL, Cisco, Scrum, CompTIA, AWS
-
NetworkSpoon Member Posts: 11 ■■■□□□□□□□
I agree with the Sighs, can't wait for someone to Tech-Shame me for using the wrong term....
-
p-coder Member Posts: 21 ■■■□□□□□□□
tedjames said:
Hey, I'm proud to be a cracker!
This term is not used as much anymore, but it still has a derogatory meaning. Wikipedia says, "Cracker, sometimes white cracker or cracka, is an ethnic slur directed towards white people, used especially against poor rural whites in the Southern United States." I guess the modern equivalent would be something like "white trash." See Wikipedia: https://en.wikipedia.org/wiki/Cracker_(term)
tedjames said:
For awhile there on InfoSec Twitter, especially after certain "police-related" events, several people were discussing the need to rename some of the above words in an attempt to be more politically correct.
I do not think that the issue is really about being politically correct. Because the original terms do not offend people in the position of w**** p********, it is more relevant to talk to friends and family members who have experienced a lot of racism in their lives and see how they feel about terms in technology like "master" and "slave".
-
thomas_ Member Posts: 1,012 ■■■■■■■■□□
No, the issue isn’t about being politically correct. It’s about playing identity politics. It’s about forcing ideology down someone’s throat and then “cancelling” anyone who dares to vocalize that some of the things they are suggesting are ridiculous.
Unfortunately, the words “racism” and “racist” have been abused and misused so much they’re starting to lose their meaning. People weaponizing the word racist and using it to label someone who simply has different political opinions than themselves really devalues the word and makes it hard for people to take claims of racism seriously.
-
JDMurray Admin Posts: 13,090 Admin
Many organizations have decided to make socially-sensitive changes, both internally and externally, to avoid unjustified negative public relations reactions (e.g., "cancellation"). These changes usually do not produce specific, measurable results, but are simply meant to superficially appease a very narrow segment of the consumer market.
@thomas_ , you should make it explicitly clear that you do not believe that CompTIA is playing identity politics, and is likely attempting to avoid the negative targeting of its customers, potential customers, advertisers, and stakeholders from the intolerant actions of the "woke culture."