[3][4] According to one definition of a grey-hat hacker, when they discover a vulnerability, instead of telling the vendor how the exploit works, they may offer to repair it for a small fee.
[1][8] Moreover, at this conference a presentation was given in which Mudge, a key member of the hacking group L0pht, discussed their intent as grey hat hackers to provide Microsoft with vulnerability discoveries in order to protect the vast number of users of its operating system.
[9] Finally, Mike Nash, Director of Microsoft's server group, stated that grey hat hackers are much like technical people in the independent software industry in that "they are valuable in giving us feedback to make our products better".
[10] The phrase grey hat was used by the hacker group L0pht in a 1999 interview with The New York Times[11] to describe their hacking activities.
[2] In 2002, however, the Anti-Sec community published use of the term to refer to people who work in the security industry by day, but engage in black hat activities by night.
Following the rise and eventual decline of the full disclosure vs. anti-sec "golden era"—and the subsequent growth of an "ethical hacking" philosophy—the term grey hat began to take on all sorts of diverse meanings.
As the Internet became used for more critical functions, and concerns about terrorism grew, the term "white hat" started referring to corporate security experts who did not support full disclosure.