Security by obscurity is security in name only.
(HT: Common Knowledge)
Although this is common knowledge, many engineers, managers, and executives rely on it anyway. They trust that the details of their protocols and application design won’t get out. However, given that most security breaches, over 75% by some measures, have help from someone on the inside, that’s really no protection at all.
Secrecy might provide some additional protection, but you should design your applications, services, etc. on the assumption that the design is public knowledge, so that they really are secure from the start.
Copyright © 2016 Sterling Hanenkamp.