This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Talk:Assume attackers have source code
From OWASP
Possible Candidate for Removal
I believe the content in this article could be folded in with the Avoid security by obscurity article. In essence, the reliance on compiled code to hide the vulnerabilities that may be apparent in the source code is a form of Security Through Obscurity.
You're right, but I think it's a useful principle and should be separate. Most developers don't realize that their code is not a secret. We could make Security by Obscurity a category. Or we could just note that this is a form of security by obscurity and provide a link. Jeff Williams 07:25, 23 May 2008 (EDT)
I don't know if it is quite broad enough to become a Category; perhaps linking to Avoid security by obscurity would be a better way to go. --Cduffey346 17:12, 23 May 2008 (EDT)