Disclosure or secrecy?
[Posted September 8, 2004 by corbet]
The free software community operates under the assumption that security
problems are best addressed through full disclosure. Keeping
vulnerabilities secret is seen as a recipe for slower development and
deployment of fixes and the recurrence of the same mistakes in new
contexts. Many other groups, such as military organizations, take a
different approach: secrecy is a key part of how they maintain security.
The two approaches would appear to be contradictory; which is the right
one? Peter Swire has just published a paper which attempts to answer this
question.
The paper sets the stage by trying to come up with ways of characterizing
the costs and benefits of disclosure. In any situation, how much does
disclosure of information benefit attackers and defenders? One of the core
observations made is that secrecy is most beneficial against first-time
attacks. When the defense has something unique or unknown (be it a
defensive technique or a vulnerability), secrecy can be effective. But
when it is possible to repeatedly probe defenses, and when defenses are not
unique, security through obscurity buys little. For this reason, computers
and networks tend to be more secure when operated in a full disclosure
mode.
Some exceptions are made, however. The paper goes to some lengths to make
the point that keys and passwords should be kept secret; it should not be
too hard to convince most readers of that. Mr. Swire also points out that
surveillance techniques can be a good candidate for secrecy; attackers can
often learn very little about monitoring systems by probing, so it is best
to keep them in the dark.
In the end, the paper takes few positions; the author will not commit
himself, for example, on whether free software is more or less secure than
proprietary software. As a framework for evaluating the value and costs of
disclosure, however, the paper may be a useful contribution.