Skip to main content

Security Through Obscurity Considered Dangerous

Document Type Expired Internet-Draft (individual)
Authors Steven M. Bellovin , Randy Bush
Last updated 2002-03-01
Stream (None)
Intended RFC status (None)
Expired & archived
Stream Stream state (No stream defined)
Consensus boilerplate Unknown
RFC Editor Note (None)
IESG IESG state Expired
Telechat date (None)
Responsible AD (None)
Send notices to (None)

This Internet-Draft is no longer active. A copy of the expired Internet-Draft is available in these formats:


Hiding security vulnerabilities in algorithms, software, and/or hardware decreases the likelihood they will be repaired and increases the likelihood that they can and will be exploited by evil-doers. Discouraging or outlawing discussion of weaknesses and vulnerabilities is extremely dangerous and deleterious to the security of computer systems, the network, and its citizens.


Steven M. Bellovin
Randy Bush

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)