🔥 This article widely discussed at Hackernews and Reddit
In the information security field, we have developed lots of thoughts that can’t be discussed (or rarely discussed):
Never roll your own crypto
Always use TLS
Security by obscurity is bad
And goes like this. Most of them are very generally correct. However, I started to think that people are telling those because everyone is telling them. And, most of the people are actually not thinking about exceptional cases. In this post, I will raise my objection against the idea of “Security by obscurity is bad”.
Risk, Defense in Depth and Swiss Cheese
One of the main goal of defensive security is reducing the risk for the target business. According to the OWASP’s methodology, the risk of an issue is calculated with the formula below: