Browse Definitions :
Definition

security through obscurity

Contributor(s): Matthew Haughn

Security through obscurity (STO) is reliance upon secrecy in software development to minimize the chance that weaknesses may be detected and targeted.

Security through obscurity is often achieved by developing code in secret, protecting it from unauthorized access and maintaining the software’s proprietary closed source status.  The approach can be effective in combination with other measures but STO on its own is deprecated. Used to bolster more effective approaches such as security by design, security through obscurity can add another layer of protection.

Security through minority is a subcategory of STO that is based on code that is infrequently used.  That approach relies on the knowledge that hackers looking for vulnerabilities to exploit typically seek commonly-used software to maximize sales of malware and hacking scripts and increase the number of computers they can reach.

Similarly, security through obsolescence relies on the fact that programs that are no longer used are less likely to be exploited because few are familiar with coding for them-- let alone exploiting their code.

Security through diversity can also be effective. This approach involves using a combination of piecemeal components.  Security through diversity can make a system harder to target and can be inherently more secure than a well-known monolithic solution.

This was last updated in July 2015

Continue Reading About security through obscurity

Join the conversation

2 comments

Send me notifications when other members comment.

Please create a username to comment.

The other aspect of security through obscurity is the political issue of whether vulnerabilities should be publicized, so people can be aware that they need to be fixed, but which also alert the unscrupulous to the vulnerability.
Cancel
Sounds like obfuscation, maybe.  I worry that its really just complacency.
Cancel

-ADS BY GOOGLE

File Extensions and File Formats

SearchCompliance

  • California Consumer Privacy Act (CCPA)

    The California Consumer Privacy Act (CCPA) is legislation in the state of California that supports an individual's right to ...

  • compliance audit

    A compliance audit is a comprehensive review of an organization's adherence to regulatory guidelines.

  • regulatory compliance

    Regulatory compliance is an organization's adherence to laws, regulations, guidelines and specifications relevant to its business...

SearchSecurity

  • spear phishing

    Spear phishing is an email spoofing attack that targets a specific organization or individual, seeking unauthorized access to ...

  • bridge

    A bridge is a class of network device that’s designed to connect networks at OSI Level 2, which is the data link layer of a ...

  • browser isolation

    Browser isolation is a cybersecurity model for web browsing that can be used to physically separate an internet user’s browsing ...

SearchHealthIT

SearchDisasterRecovery

  • disaster recovery team

    A disaster recovery team is a group of individuals focused on planning, implementing, maintaining, auditing and testing an ...

  • cloud insurance

    Cloud insurance is any type of financial or data protection obtained by a cloud service provider. 

  • business continuity software

    Business continuity software is an application or suite designed to make business continuity planning/business continuity ...

SearchStorage

  • business impact analysis (BIA)

    Business impact analysis (BIA) is a systematic process to determine and evaluate the potential effects of an interruption to ...

  • RAID (redundant array of independent disks)

    RAID (redundant array of independent disks) is a way of storing the same data in different places on multiple hard disks to ...

  • dedicated cloud

    A dedicated cloud is a single-tenant cloud infrastructure, which essentially acts as an isolated, single-tenant public cloud.

Close