Secrecy != security. You’re far more secure by being transparent, open, and immune from attack. The best way for your project to be secure is to have a solid business idea and excellent implementors, with no secrecy at all—tell everyone and recruit the best to your side.
The best way to “beat” Omega is to be so wealthy that you only care about the box contents for the game’s amusement potential.
I think this post is based on a misunderstanding of “security mindset”. When I’ve heard it used, it’s usually assuming lack of secrecy and finding provable defenses against large classes of attack.
You always need a modicum of secrecy to be secure (private keys, passwords etc). Secrecy can also help security a lot. For example whoever is Satoshi Nakamoto helped their security a lot by using a pseudonym and covering their traces pretty well (if they are an individual), so they don’t have to worry about being kidnapped and forced to hand over their bitcoin.
Security often thinks about secrecy when they are wanting attempted attacks to be visible (because you can’t protect against zero days). For example you might not want the rules of your web application firewall to be known, so that people can’t set up duplicate infrastructure and quietly probe that for holes in it.
Secrecy becomes worse when you start worrying about securing yourself from insider threats etc.
The security mindset is:
the security mindset involves thinking about how things can be made to fail. It involves thinking like an attacker, an adversary or a criminal.
If you want to really use it, you cannot stop at the computer, for adversaries and attackers do not. You have to look at personnel, their backgrounds. Can you trust Y with X information (be it encryption keys or source code), for whatever you are trying to do?
How do you know that Satoshi Nakamoto is secure? For all we know there’s a good chance that he’s dead.
It’s not that easy for the NSA to let someone who’s a famous hacker disappear but on the other hand there’s no pushback when they kidnap someone like Satoshi Nakamoto.