Full Disclosure mailing list archives
New paper on Security and Obscurity
From: "Peter Swire" <peter () peterswire net>
Date: Tue, 31 Aug 2004 23:10:01 -0400
Greetings: I have been lurking on Full Disclosure for some time, and now would like to share an academic paper that directly addresses the topic of full disclosure and computer security: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=531782 It is called A Model for When Disclosure Helps Security: What is Different About Computer and Network Security? The paper begins by analyzing the cliché that there is no security through obscurity. It observes that the traditional military and intelligence cliché is that loose lips sink ships. How can disclosure both improve security (no security through obscurity) and harm security (loose lips sink ships)? The paper creates a model to explain when each is true, and then compares computer/network security with physical-world security. Conclusions both clichés are often wrong. Secrecy often helps security (the paper tries to explain when). Secrecy often hurts security (more explanations). The paper is part of my ongoing research. Comments emphatically welcome on this version, and I hope to go into more depth on various topics (including proprietary v. Open Source) in forthcoming work. Thanks, Peter Prof. Peter P. Swire Moritz College of Law of the Ohio State University John Glenn Scholar in Public Policy Research Formerly, Chief Counselor for Privacy, U.S. Office of Management and Budget (240) 994-4142; www.peterswire.net _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- New paper on Security and Obscurity Peter Swire (Aug 31)
- Re: New paper on Security and Obscurity gadgeteer (Sep 01)
- Re: New paper on Security and Obscurity Dave Aitel (Sep 01)
- Re: New paper on Security and Obscurity gadgeteer (Sep 01)
- Re: New paper on Security and Obscurity stephane nasdrovisky (Sep 01)
- Re: New paper on Security and Obscurity stephane nasdrovisky (Sep 01)
- Re: New paper on Security and Obscurity Barry Fitzgerald (Sep 01)
- RE: Response to comments on Security and Obscurity Peter Swire (Sep 01)
- RE: Response to comments on Security and Obscurity Dave Aitel (Sep 01)
- Security & Obscurity: First-time attacks and lawyer jokes Peter Swire (Sep 02)
- Re: Security & Obscurity: First-time attacks and lawyer jokes Georgi Guninski (Sep 02)
- RE: Response to comments on Security and Obscurity Peter Swire (Sep 01)