Name:retaining confidentiality of security status information
Information on methods used for protection can be protected to
make successful and undetected attack more difficult. Examples include not
revealing specific weaknesses in specific systems, keeping information on
where items are purchased confidential, and not detailing internal
procedures to outsiders.
Complexity: Many refer to this practice as security through obscurity.
There is tendency to use weaker protection techniques than are appropriate
under the assumption that nobody will be able to figure them out. History
shows this to be a poor assumption.