This post originated from an RSS feed registered with Agile Buzz by James Robertson. Original Post: Code Obfuscation - just Wrong Feed Title: Cincom Smalltalk Blog - Smalltalk with Rants Feed URL: http://www.cincomsmalltalk.com/rssBlog/rssBlogView.xml Feed Description: James Robertson comments on Cincom Smalltalk, the Smalltalk development community, and IT trends and issues in general. Latest Agile Buzz Posts Latest Agile Buzz Posts by James Robertson Latest Posts From Cincom Smalltalk Blog - Smalltalk with Rants

Julia Lerman talks about code obfuscation tools for .NET, and makes a point I have to disagree violently with:

I *know* that obfuscation is%A0 another level of security that we can all leverage. I *know* Microsoft has made it really easy by putting this 1Clite 1D (Community Edition) version into Visual Studio.NET. So, raising my hand, yet again as a typical developer - writing custom corporate applications that are not being put out in the market place - why have I never touched%A0 it, used it, thought about it?

yeah, security via obscurity has worked so well in the software industry. Access to sources helps - both in security terms, and in transparency terms (to developers). Obfuscating code just tells future developers that you don't care and want their job to be hard. Here's the point - no code is ever going to cover all possible use cases. Allowing other developers to extend and understand is a good thing. Final classes - bad. Final methods - bad. Code obfuscators - obnoxious.

This is one item that ought to bubble down to the bottom, and fast....