A Model for When Disclosure Helps Security: Difference between revisions

From Cybersecurity Wiki


Peter P. Swire, ''A Model for When Disclosure Helps Security: What is Different About Computer and Network Security?'' (Journal on Telecommunications and High Technology Law, Vol. 2, Public Law and Legal Theory Working Paper Series No. 17, 2004).
[http://www.rootsecure.net/content/downloads/pdf/disclosure_helps_security.pdf ''Web'']  
[http://papers.ssrn.com/sol3/papers.cfm?abstract_id=531782 ''SSRN'']



Revision as of 13:27, 29 June 2010

Full Title of Reference

A Model for When Disclosure Helps Security: What is Different About Computer and Network Security?

Full Citation

Peter P. Swire, A Model for When Disclosure Helps Security: What is Different About Computer and Network Security? (Journal on Telecommunications and High Technology Law, Vol. 2, Public Law and Legal Theory Working Paper Series No. 17, 2004). Web

SSRN

BibTeX

Categorization

Issues: Information Sharing/Disclosure

Key Words

security, free software, secrecy

Synopsis

This Article asks the question: When does disclosure actually help security? The discussion begins with a paradox. Most experts in computer and network security are familiar with the slogan that "there is no security through obscurity." The Open Source and encryption view is that revealing the details of a system will actually tend to improve security, notably due to peer review. In sharp contrast, a famous World War II slogan says "loose lips sink ships." Most experts in the military and intelligence areas believe that secrecy is a critical tool for maintaining security. Both cannot be right - disclosure cannot both help and hurt security.

Using a law and economics approach to resolve the paradox, Part I provides a model for deciding when either the Open Source or the military/intelligence viewpoints is likely to be correct. Part II explains why many computer and network security problems appear different from the traditional security problems of the physical world. Part III applies the analytic tools developed earlier in the paper to issues including the following: the enlargement of the public domain in a world of search engines; the relationship between disclosure and deterrence; the importance of not disclosing passwords or the combination to a safe.

Additional Notes and Highlights

* Outline key points of interest