Can Security Through Obscurity Be A Good Thing?
Source: IT World
In the security field, one of the earliest lessons we learn is that security through obscurity is a negative thing. Security through obscurity -- relying on hidden code and obscure functions to keep information secure rather than focusing on secure applications and architecture -- is not a safe method of protecting information. Is it?
The real problem with security through obscurity lies in what happens when the obscurity starts to lift. The security community has seen this over-and-over with Microsoft products. Their source code is a jealously guarded secret, concealed to keep it secure. However, the more the software gets used, the less obscure it becomes; the more the software gets used, the more security vulnerabilities are found in it. Security through obscurity does not help in this case.