Can you trust a hacker? What if that hacker was convicted and served time for his offenses? I ask because I'm back from last week's RSA Conference in San Francisco, where those questions were hot topics.

I don't think convicted hackers should be rewarded or become celebrities simply because of their crimes.

Two years ago, computer security companies bragged about hiring former hackers; who better to plug security holes, the thinking went, than the folks who were so good at finding and exploiting them?

But ever since the passage of the Patriot Act in October 2001, with its stern penalties for hacking, that kind of thinking has fallen out of fashion. Generally, I think that's a good thing: I don't think convicted hackers should be rewarded or become celebrities simply because of their crimes. The same holds true for those who have escaped prosecution.

That said, I think Kevin Mitnick, who spoke at the RSA conference, and others like him have some valuable lessons to teach anyone who's concerned about security.