Comment by madacol

3 years ago

> Security through obscurity is not security

I've never felt comfortable with that argument.

Yes, if you are a big corporation, and you have many employees with eyes on the code, there's no obscurity when an employee goes rogue, you are wide open.

But if you are the only person with access to the code, obscurity works.

Obscurity doesn't work because someone will find the hole, they don't need the source code.

This is how companies justify not patching security vulnerabilities.

  • I don't follow; I said obscurity does not work for companies.

    I only think it can work for very small teams with high trust.