Interesting People mailing list archives
Re: Security By Obscurity = Ignorance Is Strength
From: David Farber <dave () farber net>
Date: Wed, 3 Sep 2008 20:10:35 -0400
Begin forwarded message:

From: Rod Van Meter <rdv () sfc wide ad jp>
Date: September 3, 2008 7:31:45 PM EDT
To: Peter John Hill <peterjhill () mac com>, David Farber <dave () farber net>
Subject: Re: [IP] Re: Security By Obscurity = Ignorance Is Strength

There is a risk that "bad people" will find a vulnerability before a "good person" does. Thus is born the zero-day attack. On the other hand, there are many many many research groups who are working to find the bugs before the "bad people" do.

More importantly, the goal is not to find and fix problems in the field before the bad guys find and exploit them, it's to open up the *design phase* so that vulnerabilities are found and fixed *before widespread deployment*. In that sense, it doesn't even necessarily matter if the problems are found by White Hats or Black Hats -- if the Black Hats can't keep their collective mouths shut and wait patiently for deployment and a good opportunity to exploit, then they in effect do the work of White Hats. (Not that I know of any such instance, but It Could Happen.)

In theory, you could design an airplane, a building, a microprocessor, a security system, or an operating system the same way. When asking for a community to help with your design, you simply have to balance the work of managing distributed contributors, including analyzing the *possible* problems they find, versus the work of doing it all yourself. (Certainly the hassle of setting up a SourceForge page and getting help wouldn't pay off if your goal is to have a good "Hello, world" program.)

--Rod