Kerchoff's Principle has long been a keystone of cryptographic security. That a crypto system should be secure, even if everything about the system is known, except for the key. This has resulted in robust cryptographic protocols, specifically because the protocols could be open and well researched. This same principle shows up in other areas of security under the axiom, "security through obscurity is not security". If the security of a system fundamentally relies on the details of the system remaining a secret, then that system is inherently not secure. Having security systems based on open source protocols and software is this working in practice. By having everything open and available for a wide range of researches to test and validate, we can be more assured of the security of a system. Closed, proprietary protocols and software are a risk to organizations. They have no way of knowing if those closed systems are really well designed or a house of cards hiding behind a curtain.