Browse Definitions :
Definition

security through obscurity

TechTarget Contributor
By

Security through obscurity (STO) is reliance upon secrecy in software development to minimize the chance that weaknesses may be detected and targeted.

Security through obscurity is often achieved by developing code in secret, protecting it from unauthorized access and maintaining the software’s proprietary closed source status.  The approach can be effective in combination with other measures but STO on its own is deprecated. Used to bolster more effective approaches such as security by design, security through obscurity can add another layer of protection.

Security through minority is a subcategory of STO that is based on code that is infrequently used.  That approach relies on the knowledge that hackers looking for vulnerabilities to exploit typically seek commonly-used software to maximize sales of malware and hacking scripts and increase the number of computers they can reach.

Similarly, security through obsolescence relies on the fact that programs that are no longer used are less likely to be exploited because few are familiar with coding for them-- let alone exploiting their code.

Security through diversity can also be effective. This approach involves using a combination of piecemeal components.  Security through diversity can make a system harder to target and can be inherently more secure than a well-known monolithic solution.

This was last updated in July 2015

Continue Reading About security through obscurity

Networking
  • local area network (LAN)

    A local area network (LAN) is a group of computers and peripheral devices that are connected together within a distinct ...

  • TCP/IP

    TCP/IP stands for Transmission Control Protocol/Internet Protocol and is a suite of communication protocols used to interconnect ...

  • firewall as a service (FWaaS)

    Firewall as a service (FWaaS), also known as a cloud firewall, is a service that provides cloud-based network traffic analysis ...

Security
  • identity management (ID management)

    Identity management (ID management) is the organizational process for ensuring individuals have the appropriate access to ...

  • fraud detection

    Fraud detection is a set of activities undertaken to prevent money or property from being obtained through false pretenses.

  • single sign-on (SSO)

    Single sign-on (SSO) is a session and user authentication service that permits a user to use one set of login credentials -- for ...

CIO
  • IT budget

    IT budget is the amount of money spent on an organization's information technology systems and services. It includes compensation...

  • project scope

    Project scope is the part of project planning that involves determining and documenting a list of specific project goals, ...

  • core competencies

    For any organization, its core competencies refer to the capabilities, knowledge, skills and resources that constitute its '...

HRSoftware
  • recruitment management system (RMS)

    A recruitment management system (RMS) is a set of tools designed to manage the employee recruiting and hiring process. It might ...

  • core HR (core human resources)

    Core HR (core human resources) is an umbrella term that refers to the basic tasks and functions of an HR department as it manages...

  • HR service delivery

    HR service delivery is a term used to explain how an organization's human resources department offers services to and interacts ...

Customer Experience
  • martech (marketing technology)

    Martech (marketing technology) refers to the integration of software tools, platforms, and applications designed to streamline ...

  • transactional marketing

    Transactional marketing is a business strategy that focuses on single, point-of-sale transactions.

  • customer profiling

    Customer profiling is the detailed and systematic process of constructing a clear portrait of a company's ideal customer by ...

Close