FlyerTalk Forums - View Single Post - Loose lips: please think before discussing security policies
Old Sep 16, 2001 | 3:23 pm
  #10  
Jet'Dillo
 
Join Date: Jul 2000
Location: San Francisco
Programs: UA Mileage Plus Premier Gold 1MM, Marriott Gold
Posts: 1,467
Originally posted by TomBascom:
Security must be openly discussed to have any usefulness. Security measures should be pulled out into the daylight and criticized from all angles. Not doing so is a big part of how we got here.

I have to agree. Hiding in the corner and keeping everybody in the dark doesn't help you when you HAVE to assume that others WILL be poking at them to find weaknesses.

Not talking about them and keeping them hidden is known as "Security through Obscurity" and is one of the worst things you can do. Why do you think most corporations keep getting their computer systems broken into?

The company feels a need to put up a front and not test or challenge procedures or mechanisms for fear that ANY discussion will result in negative publicity about the company. This is EXACTLY what potential attackers rely upon. THEY certainly aren't going to expose any flaws they find in a physical security procedure or software algorithm. They're just going to exploit it and leave the rest of us wondering what went wrong.

Does this mean that you should stand outside your house and ask passersby to try to break in? No.
Asking the opinions of several locksmiths and maybe a trusted friend or two is certainly a good idea, though.

We have to assume that anything we post or read here or elsewhere on the web can be read by those who would do us harm. We also have to assume that they will be testing the new security measures themselves.

Which means that we ourselves must make it an issue of paramount importance to write to our elected officials urging them to fund testing and verification of policies and procedures as well as just putting them into place.

JD