be careful of so-called white hat hackers…
these guys/gals notify you of the exploits they used (but did not develop), you think- great, this really nice white-hat told me what was wrong- so you don’t get angry or press charges, low and behold: he stole all of your sensitive corp. data and sold it for whatever he could scrounge… I’ve heard of it before.

So in conclusion, I’m not quite sure how I feel on the subject. Although- I doubt any skilled white-hat’s going to hack your net-work just to be nice, prolly just some script kiddie trying not to get in trouble?