Fixing Security Through Obscurity?

LineNoiz asks: "I work as a junior developer at a small company that sells check printing software. One of my company's favorite things to tell customers is how secure our product is and how it will reduce check fraud (we even sell check fraud insurance). I cringe everytime I hear them say it, because I know that it is 'secure' only because of it's relative obscurity. I personally know very little about security, and really have no idea what it would take to make our product secure. All I really know is that this is a problem waiting to happen. How can I convince my managers that our security is nothing to brag about? How can I convince them to spend the time and money to make it secure? Where can I myself go to learn more about security and what it would take to make/keep it secure?"

Sounds like a very secure system to me

[MerlynEmrys67]

As a customer, I use your software - if there is a vulnerability, your company comes back in and reimburses my costs for the vulnerability... Sounds perfectly secure to me ?

Go and write a million lines of security software and don't provide the guarantee - it isn't worth as much to the customer.

What you have to realize is that it is an easy equation for your company

How many reimbursements do they have to pay out on an annual basis. vs. How much will it cost to lower that number.

I am betting they are paying out pretty close to 0 in reimbursements (which is why they are advertising this)- how much of your salary will it take to make the product even slightly more secure ?