"one ought to design systems under the assumption that the enemy will immediately gain full familiarity with them" - Claude Shannon
"one ought to design systems under the assumption that the enemy will immediately gain full familiarity with them" - Claude Shannon
If you believe this, then why did you say?
> starting to think security through obscurity might not be a bad thing
Because of asymmetric differences, I don't have access to powerful LLMs but attackers might. And also the complexities of software dependencies (supply chain vulnerabilities), my software depends on packages not in my control and I don't have time to audit the entire stack.
Perhaps the answer is to depend only on packages that come from people that are more competent than you so you can know if or when your program is compromised that it'll most likely be your fault and not theirs.