1. 15

  2. 5

    Wow… Information security has, as I imagine everyone reading this knows, understood the importance of transparency for a while now, going back to the publication of The Cuckoo’s Egg in 1989, which made the case for the first time that things needed to change. Today, the field even has a name. :)

    It sounds as though locksmiths somehow think this should never apply to them, that security through obscurity will be viable forever. Which is flatly absurd. I’m sorry to hear this author has been dealing with harassment from that crowd (I don’t think sending spurious takedown requests can be called anything else). In some sense I have no skin in the physical-security game, but it’s kind of a scary attitude to hear about, nonetheless.

    1. [Comment removed by author]

      1. 1

        That’s certainly true. “As though some vocal locksmiths”, then. :)

    2. 1

      A certain level of obscurity can help the good guys, but it may also help the bad guys.
      For example, suppose a government organisation has discovered a security flaw in TalkToMe™ from SomeCompany™ that allows them to monitor users’ conversations. If a researcher finds out about the flaw and intends to tell the world, it is in SomeCompany’s best interest to keep it quiet to make more sales, at least until they can get a new version out with a fix and sell that instead, and it is in the government’s best interest to also silence the researcher so that people keep using that version and they can keep using the flaw for as long as possible.

      Now replace TalkToMe™ with KeepItSafePadlock™ and government with burglar.