As the article states, it is certainly true that most security holes are not found by the software maker. And therein really lies the problem. Instead of advocating hacking and/or cracking from an external perspective, I would rather see a greater emphasis put on testing the systems and/or software internally. That is, after all, the whole basis of security testing.
The problem with relying on "good faith" hackers is that you rarely find hacks or cracks "innocently". You are usually looking for them. Sometimes those people report to the software makers. Unfortunately, many, many more of them do not.
So, again, a really good idea is that companies should hire QA and test practitioners who can hack into systems or who know about how hacks and cracks work and can test for various types of vulnerabilities relative to the system/software under concern. I have gotten more contracts (and some of my best paying ones) by showing I know how to do a very strict regime of vulnerability tests.
That is the emphasis I would like to see companies putting their focus on. I would rather see an internal effort made by companies regarding their security rather than promoting the idea of external efforts. The problem I have found, of course, is that most QA/test practitioners would not know how to hack or crack a system if their life depended on it. For example, I cannot remember the last "security tester" I met who actually knew how to use SoftIce. I cannot remember the last "security tester" who knew how to at least begin starting to test the common vulnerabilities of Unix or Windows systems.
This is a pity all the more so because I hear so many people talking about what they can do to get jobs or contracts since things are tight and one of the best things you can do is learn security and vulnerability testing. That is a great asset to put on your resume and it is a great selling point when you go into interviews. You do not have to take expensive classes for this or become a SysAdmin. You can buy a few of the better books on these topics or, sometimes even better, visit the many "how-to" sites on hacking and cracking. (Granted, some of them change URLs from time to time, but you can find what you need.) There is a certain poetic justice, I think, in using the information on these sites to actually help companies (and keep yourself as a viable company asset) rather than using them to harm companies.