Security Risk Management vs Security Through Obscurity
Developers should learn Security Risk Management to build secure applications by design, comply with regulations (e meets developers should understand this concept primarily to avoid it, as it is considered a poor security practice that can lead to vulnerabilities when the obscurity is inevitably bypassed. Here's our take.
Security Risk Management
Developers should learn Security Risk Management to build secure applications by design, comply with regulations (e
Security Risk Management
Nice PickDevelopers should learn Security Risk Management to build secure applications by design, comply with regulations (e
Pros
- +g
- +Related to: threat-modeling, vulnerability-assessment
Cons
- -Specific tradeoffs depend on your use case
Security Through Obscurity
Developers should understand this concept primarily to avoid it, as it is considered a poor security practice that can lead to vulnerabilities when the obscurity is inevitably bypassed
Pros
- +It is sometimes used in limited contexts, such as obscuring non-critical details to add a minor layer of defense-in-depth, but it should never be the sole or primary security mechanism
- +Related to: cybersecurity, defense-in-depth
Cons
- -Specific tradeoffs depend on your use case
The Verdict
These tools serve different purposes. Security Risk Management is a methodology while Security Through Obscurity is a concept. We picked Security Risk Management based on overall popularity, but your choice depends on what you're building.
Based on overall popularity. Security Risk Management is more widely used, but Security Through Obscurity excels in its own space.
Disagree with our pick? nice@nicepick.dev