If security though obscurity isn't real security

How come the military doesn't open source all of its code?

Instead, armies have security clearance and everything is kept on lockdown.

Obscurity, while weaker, than proper algorithmic guarantees, is still an additional layer of security, making it harder of your enemy to break through. I.e. while it is possible to crack a program, attacker is required to have skills and put a lot of effort into producing a crack.


For example, as part of security-through-obscurity anti-piracy scheme, you could break your executable into 1000 parts and sell only 1 random part to each of your clients, then that client connects to p2p network, which will do computations, missing from clients executable. It will be really hard for pirates to track all 1000 parts.

>>2

It will be really hard for pirates to track all 1000 parts.

Also, it will be really hard to emulate 1000 Windows 10 virtual machines running each part.

Open source makes the bugs more likely to be found, but makes no guarantees about fixing them

>>4
Makes it easier for threat actors to find bugs too! And they're not going to be submitting bug tickets.