On Wed, May 18, 2011 at 10:36, Hans Georg Schaathun <h...@schaathun.net> wrote: > But then, nothing is secure in any absolute sense. The best you can > do with all your security efforts is to manage risk. Since obfuscation > increases the cost of mounting an attack, it also reduces risk, > and thereby provides some level of security. > > Obviously, if your threat sources are dedicated hackers or maybe MI5, > there is no point bothering with obfuscation, but if your threat source > is script kiddies, then it might be quite effective. >
The flip side is that the developer will not know about weaknesses until much later in the development, when making changes to the underlying code organization may be difficult or impossible. In this early phase of development, he should actually encourage the script kiddies to "report the bugs". -- Dotan Cohen http://gibberish.co.il http://what-is-what.com -- http://mail.python.org/mailman/listinfo/python-list
