Browse Definitions :
Definition

security through obscurity

Security through obscurity (STO) is reliance upon secrecy in software development to minimize the chance that weaknesses may be detected and targeted.

Security through obscurity is often achieved by developing code in secret, protecting it from unauthorized access and maintaining the software’s proprietary closed source status.  The approach can be effective in combination with other measures but STO on its own is deprecated. Used to bolster more effective approaches such as security by design, security through obscurity can add another layer of protection.

Security through minority is a subcategory of STO that is based on code that is infrequently used.  That approach relies on the knowledge that hackers looking for vulnerabilities to exploit typically seek commonly-used software to maximize sales of malware and hacking scripts and increase the number of computers they can reach.

Similarly, security through obsolescence relies on the fact that programs that are no longer used are less likely to be exploited because few are familiar with coding for them-- let alone exploiting their code.

Security through diversity can also be effective. This approach involves using a combination of piecemeal components.  Security through diversity can make a system harder to target and can be inherently more secure than a well-known monolithic solution.

This was last updated in July 2015

Continue Reading About security through obscurity

SearchNetworking
  • CIDR (Classless Inter-Domain Routing or supernetting)

    CIDR (Classless Inter-Domain Routing or supernetting) is a method of assigning IP addresses that improves the efficiency of ...

  • throughput

    Throughput is a measure of how many units of information a system can process in a given amount of time.

  • traffic shaping

    Traffic shaping, also known as packet shaping, is a congestion management method that regulates network data transfer by delaying...

SearchSecurity
  • Common Body of Knowledge (CBK)

    In security, the Common Body of Knowledge (CBK) is a comprehensive framework of all the relevant subjects a security professional...

  • buffer underflow

    A buffer underflow, also known as a buffer underrun or a buffer underwrite, is when the buffer -- the temporary holding space ...

  • pen testing (penetration testing)

    A penetration test, also called a pen test or ethical hacking, is a cybersecurity technique that organizations use to identify, ...

SearchCIO
  • benchmark

    A benchmark is a standard or point of reference people can use to measure something else.

  • spatial computing

    Spatial computing broadly characterizes the processes and tools used to capture, process and interact with 3D data.

  • organizational goals

    Organizational goals are strategic objectives that a company's management establishes to outline expected outcomes and guide ...

SearchHRSoftware
  • talent acquisition

    Talent acquisition is the strategic process employers use to analyze their long-term talent needs in the context of business ...

  • employee retention

    Employee retention is the organizational goal of keeping productive and talented workers and reducing turnover by fostering a ...

  • hybrid work model

    A hybrid work model is a workforce structure that includes employees who work remotely and those who work on site, in a company's...

SearchCustomerExperience
Close