Talk:Assume attackers have source code

Revision as of 05:25, 23 May 2008 by Jeff Williams (Talk | contribs)

Jump to: navigation, search

Possible Candidate for Removal

I believe the content in this article could be folded in with the Avoid security by obscurity article. In essence, the reliance on compiled code to hide the vulnerabilities that may be apparent in the source code is a form of Security Through Obscurity.

You're right, but I think it's a useful principle and should be
separate. Most developers don't realize that their code is not
a secret.  We could make Security by Obscurity a category.  Or we
could just note that this is a form of security by obscurity and
provide a link.  Jeff Williams 07:25, 23 May 2008 (EDT)