My major concern is it'll produce a false sense of security. While it can make discovery harder, this will not solve a single security bug, it's just security by obscurity.
And it largely prevents non-malicious researchers from helping you find and fix the bugs that well-funded attackers may already know.
Even if you have to model vulns as infinite, it's not clear how you should model vulns already known but undisclosed, and what the probability of rediscovery is before this obfuscation.
I'm just going to point at this when I get asked why my code is so messy
There's actually a source-level version (well, mildly related) of this that can be evil: putting in all sorts of constructs that produce warnings, but where the warning is (maybe non-obviously) wrong.