You are viewing a single comment's thread from:

RE: Security by obscurity? Symantec wants to keep it's source code secret in response to Russia?

in #cybersecurity8 years ago

This sounds like a horrible decision to me personally. Fresh out of college, it is basically ingrained in our heads that security through obscurity does not work.

Just because people cannot see your source code does not mean they can't find vulnerabilities. I feel it adds too much ability for nefarious actors to find vulnerabilities while white hats are not even looking for any.

And like you stated, you then have no idea of how they are actually implenting their code. There is no way to no for sure it is secure or not. It is lack closed source encryption vs open. Do you want encryption that has been tried and tested by the community, or encryption that says it is great with no community consensus. It puts heavy trust onto the company to find their own vulnerabilities..... But how can a team of, let's be generous, 100 people, do better than the entire security community....

It'll be interesting to ask my colleagues at work tomorrow about this as we use SEP for all of our workstations.

8 years ago in #cybersecurity by
$0.00
    Reply 0
    Sort:  
  • Trending