Book contents
- Frontmatter
- Contents
- Acknowledgments
- Contributors
- The Law and Economics of Cybersecurity: An Introduction
- PART ONE PROBLEMS
- 1 Private versus Social Incentives in Cybersecurity: Law and Economics
- 2 A Model for When Disclosure Helps Security: What Is Different about Computer and Network Security?
- 3 Peer Production of Survivable Critical Infrastructures
- 4 Cybersecurity: Of Heterogeneity and Autarky
- PART TWO SOLUTIONS
- Index
- References
2 - A Model for When Disclosure Helps Security: What Is Different about Computer and Network Security?
Published online by Cambridge University Press: 18 August 2009
- Frontmatter
- Contents
- Acknowledgments
- Contributors
- The Law and Economics of Cybersecurity: An Introduction
- PART ONE PROBLEMS
- 1 Private versus Social Incentives in Cybersecurity: Law and Economics
- 2 A Model for When Disclosure Helps Security: What Is Different about Computer and Network Security?
- 3 Peer Production of Survivable Critical Infrastructures
- 4 Cybersecurity: Of Heterogeneity and Autarky
- PART TWO SOLUTIONS
- Index
- References
Summary
This article asks the question, When does disclosure actually help security? The issue of optimal openness has become newly important as the Internet and related technologies have made it seem inevitable that information will leak out. Sun Microsystems CEO Scott McNealy received considerable press attention a few years ago when he said, “You have zero privacy. Get over it” (Froomkin 2000). An equivalent statement for security would be, “You have zero secrecy. Get over it.” Although there is a germ of truth in both statements, neither privacy nor secrecy is or should be dead. Instead, this article seeks to provide a more thorough theoretical basis for assessing how disclosure of information will affect security. In particular, it seeks to understand the differences between traditional security practices in the physical world, on the one hand, and best practices for computer and network security, on the other.
The discussion begins with a paradox. Most experts in computer and network security are familiar with the slogan that “there is no security through obscurity.” For proponents of Open Source software, revealing the details of the system will actually tend to improve security, notably due to peer review. On this view, trying to hide the details of the system will tend to harm security because attackers will learn about vulnerabilities but defenders will not know where to patch the vulnerabilities. In sharp contrast, a famous World War II slogan has it that “loose lips sink ships.”
- Type
- Chapter
- Information
- The Law and Economics of Cybersecurity , pp. 29 - 70Publisher: Cambridge University PressPrint publication year: 2005
References
- 2
- Cited by