Thoughts on Security Analogies

I thought I would share Michael Howard's recent blog post on "Security Analogies are Wrong". I agree with Michael's take on security analogies, as I hear them all the time, but I thought his post was hilarious as he turns the tables with his counter-analogy:

If cars operated in an environment like the Internet, they would…

  • Be driven by people with little regard for safe automobile operation.
  • Have their windshields shot out every 60 secs.
  • Once you have bullet-proof glass, the bad guys place nails at freeway off-ramps next to signs like, “free coffee this way”
    • and someone is always trying to steal your keys
    • and pull out your sparkplugs
    • and siphon your gas
  • Talking of gas, you fill up at a Shell station, only to realize the gas really isn’t gas, it’s vegetable oil and sand
  • Oh, that gas station isn’t a Shell station, it certainly looked like one, but they took your credit card details anyway
  • As this all goes on, you can’t see the adversary
  • And the adversaries are sharing new weapons with each other