Difference between revisions of "Talk:Assume attackers have source code"

From OWASP
Jump to: navigation, search
(Possible Candidate for Removal)
 
Line 2: Line 2:
  
 
I believe the content in this article could be folded in with the [[Avoid security by obscurity]] article. In essence, the reliance on compiled code to hide the vulnerabilities that may be apparent in the source code is a form of Security Through Obscurity.
 
I believe the content in this article could be folded in with the [[Avoid security by obscurity]] article. In essence, the reliance on compiled code to hide the vulnerabilities that may be apparent in the source code is a form of Security Through Obscurity.
 +
 +
You're right, but I think it's a useful principle and should be
 +
separate. Most developers don't realize that their code is not
 +
a secret.  We could make Security by Obscurity a category.  Or we
 +
could just note that this is a form of security by obscurity and
 +
provide a link.  [[User:Jeff Williams|Jeff Williams]] 07:25, 23 May 2008 (EDT)

Revision as of 06:25, 23 May 2008

Possible Candidate for Removal

I believe the content in this article could be folded in with the Avoid security by obscurity article. In essence, the reliance on compiled code to hide the vulnerabilities that may be apparent in the source code is a form of Security Through Obscurity.

You're right, but I think it's a useful principle and should be
separate. Most developers don't realize that their code is not
a secret.  We could make Security by Obscurity a category.  Or we
could just note that this is a form of security by obscurity and
provide a link.  Jeff Williams 07:25, 23 May 2008 (EDT)