A new organization called ihackcharities.org is recruiting skilled hackers to do volunteer work for nonprofit charitable organizations. (No, not to hack them.)

Ihackcharities.org is the brainchild of professional hacker and author Johnny Long, who founded the organization last month after a trip to Uganda with his wife to assist an organization helping widows and orphans of HIV/AIDS in that country. Long says the organization, which recently gained 501(c)(3) tax-exemption status, already has its first project underway -- building (and securing) a Website for a Ugandan song and dance group called Predestined that writes music and songs that raise awareness and funds for HIV/AIDS efforts.

Long says he wanted to apply the skills of the hacking community to charitable organizations that lack that expertise. And security researchers who volunteer for the organization get the fringe benefit of professional references and some resume-building experience, he says.

The organization initially hopes to build Websites for needy nonprofits, but Long says he hopes to expand that to broader communications projects in areas like long-haul networking. "Right now we're looking at Websites because we can market them as an easy deliverable." The goal is to hand off the Website and its operations and maintenance to the charity.

The Hacker Foundation helped get ihackcharities.org off the ground with nonprofit status as well as other support, Long says. And so far, volunteers have mostly been split between traditional IT programmers and developers and security experts, he says.

"The idea was to target the hacker community in general because there are so many skills" there, he says. But the project team for Predestined is made up of more than hackers. There's a Web developer, three programmers, a couple of technical writers, a search-engine optimization expert, and about three code reviewers that will handle the security side, as well as Long.

He admits vetting the volunteers is "one of the sketchier" parts of the job, and he's recruited mostly experts he knows in the hacker world. "The way we're doing this now is working on a non-production server."

"As we do larger sites, we're going to have to do more validation of volunteers, and have people [hackers] cough up their real names. There needs to be a trust there," Long says. "We have to be careful. Especially with sites that are doing payment processing or handling sensitive information."

The main types of security work the projects will include are best coding practices, vulnerability assessment, black-box testing, and pre-production code review, he says.

Long says he prefers having the group work with charities with which it has a personal relationship, as he does with the Ugandan Action for Empowerment organization behind Predestined. "That way, there's someone personally involved in the charity so we have an idea of what it's about behind the scenes," he says. "We don't want to be a clearinghouse for charities who want free Websites."

Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.