[Full-Disclosure] New paper on Security and Obscurity
- To: <full-disclosure@xxxxxxxxxxxxxxxx>
- Subject: [Full-Disclosure] New paper on Security and Obscurity
- From: "Peter Swire" <peter@xxxxxxxxxxxxxx>
- Date: Tue, 31 Aug 2004 23:10:01 -0400
Greetings:
I have been lurking on Full Disclosure for some time, and now would like to
share an academic paper that directly addresses the topic of "full
disclosure" and computer security:
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=531782
It is called "A Model for When Disclosure Helps Security: What is Different
About Computer and Network Security?" The paper begins by analyzing the
cliché that "there is no security through obscurity." It observes that the
traditional military and intelligence cliché is that "loose lips sink ships."
How can disclosure both improve security (no security through obscurity)
and harm security (loose lips sink ships)? The paper creates a model to
explain when each is true, and then compares computer/network security with
physical-world security.
Conclusions - both clichés are often wrong. Secrecy often helps security
(the paper tries to explain when). Secrecy often hurts security (more
explanations).
The paper is part of my ongoing research. Comments emphatically welcome on
this version, and I hope to go into more depth on various topics (including
proprietary v. Open Source) in forthcoming work.
Thanks,
Peter
Prof. Peter P. Swire
Moritz College of Law of the
Ohio State University
John Glenn Scholar in Public Policy Research
Formerly, Chief Counselor for Privacy, U.S.
Office of Management and Budget
(240) 994-4142; www.peterswire.net
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html