Full Disclosure mailing list archives

New paper on Security and Obscurity


From: "Peter Swire" <peter () peterswire net>
Date: Tue, 31 Aug 2004 23:10:01 -0400

Greetings:

        I have been lurking on Full Disclosure for some time, and now would like to
share an academic paper that directly addresses the topic of “full
disclosure” and computer security:

        http://papers.ssrn.com/sol3/papers.cfm?abstract_id=531782

        It is called “A Model for When Disclosure Helps Security: What is Different
About Computer and Network Security?”  The paper begins by analyzing the
cliché that “there is no security through obscurity.”  It observes that the
traditional military and intelligence cliché is that “loose lips sink
ships.”

        How can disclosure both improve security (no security through obscurity)
and harm security (loose lips sink ships)?  The paper creates a model to
explain when each is true, and then compares computer/network security with
physical-world security.

        Conclusions – both clichés are often wrong.  Secrecy often helps security
(the paper tries to explain when).  Secrecy often hurts security (more
explanations).

        The paper is part of my ongoing research.  Comments emphatically welcome on
this version, and I hope to go into more depth on various topics (including
proprietary v. Open Source) in forthcoming work.

        Thanks,

        Peter

Prof. Peter P. Swire
Moritz College of Law of the
    Ohio State University
John Glenn Scholar in Public Policy Research
Formerly, Chief Counselor for Privacy, U.S.
   Office of Management and Budget
(240) 994-4142; www.peterswire.net

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

