A software development company needs to share information between two remote servers, using encryption to
protect it. A programmer suggests developing a new encryption protocol, arguing that using an unknown
protocol with secure, existing cryptographic algorithm libraries will provide strong encryption without being
susceptible to attacks on other known protocols. Which of the following summarizes the BEST response to the
programmer’s proposal?
A.
The newly developed protocol will only be as secure as the underlying cryptographic algorithms used.
B.
New protocols often introduce unexpected vulnerabilities, even when developed with otherwise secure and
tested algorithm libraries.
C.
A programmer should have specialized training in protocol development before attempting to design a new
encryption protocol.
D.
The obscurity value of unproven protocols against attacks often outweighs the potential for introducing new
vulnerabilities.