The Prime Rule of Security is…

July 27, 2012 | No comments yet

You occasionally hear people refer to “security through obscurity”. This refers to the belief that if you make your security scheme as complicated as possible it becomes secure. This is, however, built upon the assumption that “not provably insecure” is the same as “provably secure”.

It is frequently the case that ┬áthose espousing “security through obscurity” are more motivated by “job security through obscurity”. Abstruse security schemes are fiddly and difficult to operate and also problematic to untangle. They are also difficult to get right. When it comes to ensuring that a computer system is not compromised complexity is the easiest way to make a costly mistake. They often suffer from issues of “weakest link in the chain” or multiple layers of weak security.

So Springsmith applies a very simple philosophy to security…use simple, standard and well used security schemes. The Spring framework is an ideal method for applying this to both new and extant Java projects.


There are no comments on this entry.