“Today’s security woes are not dominatedby the existence of bugs that might be discoveredby open-source developers studying system source code.”
The technical side of business places lots of emphasis on keeping secrets—design documents are not published, code is treated as a trade secret, and sometimes algorithms themselves are kept secret. Software is often the mechanism used to keep secrets out of reach of attackers and competitors, so it is not surprising that the approach taken makes a great deal of difference. In the first part of this chapter we discuss the implications of trying to keep things secret in your software.
There are a lot of good reasons for keeping secrets. Most companies ...