A system relying on security through obscurity may have theoretical or actual security vulnerabilities, but its owners or designers believe that the flaws are not known, and that attackers are unlikely to find them. The basis of STO has always been to run your system on a “need to know” basis. If a person doesn’t know how to do something which could impact system security, then s/he isn’t dangerous. The technique stands in contrast with security by design.
stay updated via rss