angler-fishThe Vulnerability History Project

Lesson: Security By Obscurity

Is this an example of Security by Obscurity? A widespread mantra in cybersecurity is, roughly: > Security should not be obtained through obscurity alone In other words, you can't rely on being secure by simply obfuscating or hiding. Insiders could betray that knowledge. Code can be reverse-engineered. Crowds are good at guessing. In many cases, however, obscurity is the *only* option. Encryption keys and passwords are simply astronomically obscure secrets, for example. In those cases, making sure the obscurity is very high is of utmost importance.


    There are no articles here... yet