Talk:Assume attackers have source code

From OWASP
Jump to: navigation, search

Possible Candidate for Removal

I believe the content in this article could be folded in with the Avoid security by obscurity article. In essence, the reliance on compiled code to hide the vulnerabilities that may be apparent in the source code is a form of Security Through Obscurity.

You're right, but I think it's a useful principle and should be
separate. Most developers don't realize that their code is not
a secret.  We could make Security by Obscurity a category.  Or we
could just note that this is a form of security by obscurity and
provide a link.  Jeff Williams 07:25, 23 May 2008 (EDT)
I don't know if it is quite broad enough to become a Category; perhaps linking 
to Avoid security by obscurity would be a better way to go. --Cduffey346 17:12, 23 May 2008 (EDT)