Browse Definitions :
Definition

security through obscurity

Security through obscurity (STO) is reliance upon secrecy in software development to minimize the chance that weaknesses may be detected and targeted.

Security through obscurity is often achieved by developing code in secret, protecting it from unauthorized access and maintaining the software’s proprietary closed source status.  The approach can be effective in combination with other measures but STO on its own is deprecated. Used to bolster more effective approaches such as security by design, security through obscurity can add another layer of protection.

Security through minority is a subcategory of STO that is based on code that is infrequently used.  That approach relies on the knowledge that hackers looking for vulnerabilities to exploit typically seek commonly-used software to maximize sales of malware and hacking scripts and increase the number of computers they can reach.

Similarly, security through obsolescence relies on the fact that programs that are no longer used are less likely to be exploited because few are familiar with coding for them-- let alone exploiting their code.

Security through diversity can also be effective. This approach involves using a combination of piecemeal components.  Security through diversity can make a system harder to target and can be inherently more secure than a well-known monolithic solution.

This was last updated in July 2015

Continue Reading About security through obscurity

SearchNetworking
  • network packet

    A network packet is a basic unit of data that's grouped together and transferred over a computer network, typically a ...

  • virtual network functions (VNFs)

    Virtual network functions (VNFs) are virtualized tasks formerly carried out by proprietary, dedicated hardware.

  • network functions virtualization (NFV)

    Network functions virtualization (NFV) is a network architecture model designed to virtualize network services that have ...

SearchSecurity
  • Domain-based Message Authentication, Reporting and Conformance (DMARC)

    The Domain-based Message Authentication, Reporting and Conformance (DMARC) protocol is one leg of the tripod of internet ...

  • data breach

    A data breach is a cyber attack in which sensitive, confidential or otherwise protected data has been accessed or disclosed in an...

  • insider threat

    An insider threat is a category of risk posed by those who have access to an organization's physical or digital assets.

SearchCIO
  • data privacy (information privacy)

    Data privacy, also called information privacy, is an aspect of data protection that addresses the proper storage, access, ...

  • leadership skills

    Leadership skills are the strengths and abilities individuals demonstrate that help to oversee processes, guide initiatives and ...

  • data governance policy

    A data governance policy is a documented set of guidelines for ensuring that an organization's data and information assets are ...

SearchHRSoftware
SearchCustomerExperience
  • recommerce

    Recommerce is the selling of previously owned items through online marketplaces to buyers who reuse, recycle or resell them.

  • implementation

    Implementation is the execution or practice of a plan, a method or any design, idea, model, specification, standard or policy for...

  • first call resolution (FCR)

    First call resolution (FCR) is when customer service agents properly address a customer's needs the first time they call.

Close