The security of open source software is a key concern for organizations planning to implement it as part of their software stack, particularly if it will play a major role. Currently, there is an ongoing debate on whether open source software increases software security or is detrimental to it. There are a variety of benefits and drawbacks on both sides of the argument.

The main concern is that because free and open source software (FOSS) is built by communities of developers with the source code publicly available, access is also open to hackers and malicious users. As a result, there could be the assumption that FOSS is less secure than proprietary applications. This assumption has a name – it is called “Security through obscurity” – an attempt to use secrecy of design or implementation to provide security. Unfortunately, security through obscurity can give you a false sense of security and ultimately lead to an insecure system.

Security through obscurity has never achieved engineering acceptance as a good way to secure a system. The United States National Institute of Standards and Technology (NIST) specifically recommends against using closed source as a way to secure the software (i.e. “security through obscurity”), and they state, “system security should not depend on the secrecy of the implementation or its components”.

Too often people assume that secrecy equals security. Today’s strong cryptography is based on the assumption that an “adversary” will know both that something is encrypted, and what the encryption scheme is. The notion that hiding the means of encryption will somehow make the data in question more secure is a notion that has been obsolete since World War II. Strong crypto assumes, rather, that even though the encryption algorithm is a matter of public knowledge, the data in question will remain encrypted and secure.

Open Source software is based on a similar notion of security. Hiding source code is a poor way to try to achieve security, because even a powerful and highly proprietary company can’t guarantee that source code won’t leak out. Instead, security should be based on a worst-case scenario: assume your “adversary” has access to the source code and deal with it.

For example, the “Security by design” principle advocates that the software should be designed from the ground up to be secure. Malicious practices are taken for granted, and care is taken to minimize the impact when a security vulnerability is discovered or when user input is invalid.

Netflix has a lot of valuable data it needs to protect from hackers. Tens of millions of households entrust the company with their personal information, including credit card details and the viewing habits of each family member. Netflix also wants to keep its popular TV series beyond the reach of those who try to view the content without paying.

For a company with so much digital treasure, Netflix hasn’t had many security mishaps. The worst incident occurred in 2017, when a group called Dark Overlord broke in and released some new episodes of Orange is the New Black on the Internet.

Of course, many companies have digital assets to secure. What makes Netflix unusual is how transparent it has become about its cyber defences. In response to the Dark Overlord hack, it developed dozens of open-source cybersecurity products that other companies are allowed to use freely. Netflix saw that harnessing the world’s pool of programmers to build its security software actually made the company, and its data, more secure.

You might expect that companies would be better off keeping their cards close to their chest. The less hackers know about how a company guards its data, the safer the data becomes, according to this line of thinking. Secrecy in cyber security puts everyone at risk: the company, its customers, and its suppliers.

Electric vehicles serve as a good example of the value of openness in cyber security.