[Full-Disclosure] Response to comments on Security and Obscurity
jftucker at gmail.com
Thu Sep 2 16:24:30 BST 2004
On Thu, 02 Sep 2004 10:02:12 -0400, Barry Fitzgerald
<bkfsec at sdf.lonestar.org> wrote:
> I... tend to agree. It's a difficult question because analogies are
> useful if the person reading the paper has no point to base their
> opinion off of. However, I see two problems with this:
> 1) Perhaps a paper of this type shouldn't be considered introductory
> material. Perhaps the knowledge of the system should be a pre-requisite
> for reading the paper. Familiarity with the topics should be assumed.
> Discerning between the advantages and disadvantages between disclosure
> and secrecy isn't a small or simple thing and perhaps people without
> that level of familiarity, shouldn't venture directly down that path.
> 2) The above is especially true in the case of influence of public
> policy. If person shaping public policy is basing their opinion off of
> a (most likely defunct) analogy, we have a major problem. As I'm sure
> Peter is aware, this is probably more often than not, the rule in the
> shaping of public policy. It reminds me of the scene in Fahrenheit 9/11
> where they were discussing the fact that the Patriot Act was passed
> without a single legislator reading it. This scares me a lot. Of
> course, this increases the need for simplification of the issues so that
> legislators can at least vote with a modicum of knowledge on a subject,
> but thus begins the cycle...
> Perhaps a series of papers is more appropriate, starting with an
> in-depth understanding of the ideologies from the ground level?
Full-Disclosure is hosted and sponsored by Secunia.