Both “no security through obscurity” and “loose lips sink ships” cannot simultaneously be true. Instead, it is a key research task, including for transparency advocates such as Roberts, to determine the conditions under which disclosure is likely to help or hurt security. In other writings, I have tried to contribute to that research project, especially by identifying the costs and benefits of disclosure to attackers and defenders in various settings. One key theme is that secrets work well against a first attack, when the attackers might fall for a trap. Secrets work much less well against repeated attacks, such as when a hacker can try repeatedly to find a flaw in a software program or system firewall.
Better understanding of the relationship between secrecy and security will be crucial in coming years as the nation seeks to build a society that is both open and secure. By so ably documenting the current trends toward both openness and secrecy, Roberts has provided a crucial underpinning for that debate.
