Comment by EUROCARE

3 years ago

It's the other way around. Only FOSS code has the ability to gather reviews, improvements and fixes from the general public. Security through obscurity is not security.

> Security through obscurity is not security

I've never felt comfortable with that argument.

Yes, if you are a big corporation and you have many employees with eyes on the code, there's no obscurity; when an employee goes rogue, you are wide open.

But if you are the only person with access to the code, obscurity works.

  • Obscurity doesn't work because someone will find the hole; they don't need the source code.

  • This is how companies justify not patching security vulnerabilities.

    • I don't follow. I said obscurity does not work for companies.

      I only think it can work for very small teams with high trust.