Security Through Obscurity

Some software is not secure — it is vulnerable to attack. Witness the all-too-numerous security fixes and patches to commercial operating systems and open source packages, and the amount of criminal activity, notably in the form of “phishing,” that has been enabled by security lapses.

This is a subject of immediate concern and ongoing debate, and in comparisons between commercial and open software you will find mention of “security through obscurity.” One group argues that software should not be available in source form, as withholding the source makes it harder for attackers to mount attacks, since they must first deduce how the software works. Another school argues that it is better for the software to be open, so it can be freely examined by both attackers and defenders, on the grounds that the collective efforts of the defenders will result in changes that will make the software less vulnerable to attack.

By the way, I once asked a leading expert at IBM about this issue, not so much about open versus closed, but as to whether it made much difference what programming language was used. Was Java more secure than C or C++, that sort of thing? The gist of his response was “it really doesn’t matter. Writing secure software is hard, and you will have about the same number of bugs per thousand lines of software.”

But I write this not to engage in the security debate, but to express the lesson I took away from my brief encounter with non-obscurity recounted in the previous posts, namely:

Don’t write a blog expecting that anyone will read it. It’s hard to write an interesting blog that will attract attention and there are millions of other bloggers competing for attention. You are laboring in obscurity.

But I also find this observation liberating. It means that while of course you are writing words you hope will be read, you should only write those words if the act of doing so brings its own rewards. One of them is to improve your writing skills. Another is to clarify your thoughts. And, perhaps most important, you need to find something to write about to which you can bring a passion that goes beyond your own private views and concerns.

Put another way, you aren’t really writing to attract the attention of others. You should write only if you can attract and sustain your own attention and, knowing that you are laboring in obscurity, you should not play it safe, but be willing to take a risk, to try something new.
