This principle states that a system's design should not be secret. Attackers should not be able to pose a threat just by being aware of the design. Instead, threats should be stopped through specific security controls such as keys and passwords. By decoupling protection mechanisms (cryptographic algorithms, authentication systems) from protection keys (cryptographic keys, passwords), system designs can be shared and peer reviewed by many without compromising the security of systems. In the end, it is also not very feasible to keep a secret in today's widely connected world.
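The separation of mechanism from key described above, as an added example that is not part of the original article: the mechanism (HMAC-SHA256) is fully public, and security rests only on the key. The names `TokenSigner` and `demo` and the sample message are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


# Public mechanism: everything in this class can be published and peer reviewed.
class TokenSigner:
    """HMAC-SHA256 message authentication; only the key is secret."""

    def __init__(self, key: bytes):
        if len(key) < 32:
            raise ValueError("key must be at least 32 bytes")
        self._key = key

    def sign(self, message: bytes) -> str:
        return hmac.new(self._key, message, hashlib.sha256).hexdigest()

    def verify(self, message: bytes, tag: str) -> bool:
        expected = self.sign(message)
        # Constant-time comparison avoids leaking tag bytes through timing.
        return hmac.compare_digest(expected, tag)


def demo() -> dict:
    message = b"user=alice;role=reader"  # constructed sample message
    altered = b"user=alice;role=admin"   # constructed altered message
    signer = TokenSigner(secrets.token_bytes(32))
    tag = signer.sign(message)

    # An outsider knows the full design but not the key.
    outsider = TokenSigner(secrets.token_bytes(32))
    forged = outsider.sign(altered)

    # Key compromise is handled by rotating the key; the design is unchanged.
    rotated = TokenSigner(secrets.token_bytes(32))

    return {
        "genuine_accepted": signer.verify(message, tag),
        "forgery_rejected": not signer.verify(altered, forged),
        "tampering_rejected": not signer.verify(altered, tag),
        "old_tag_rejected_after_rotation": not rotated.verify(message, tag),
    }


if __name__ == "__main__":
    for check, passed in demo().items():
        print(f"{check}: {passed}")
```

If a key leaks, only the key is replaced; the reviewed mechanism stays as it is.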