Thoughts on Security Analogies
I thought I would share Michael Howard's recent blog on "Security Analogies are Wrong". I agree with Michael take on Security Analogies as I hear them all the time but I thought his post was hilarous as he turns the tables with his counter analogy:
If cars operated in an environment like the Internet, they would…
- Be driven by people with little regard safe automobile operation.
- Have their windshields shot out every 60 secs.
- Once you have bullet-proof glass, the bad guys place nails at freeway off-ramps next to signs like, “free coffee this way”
- and someone is always trying to steal your keys
- and pull out your sparkplugs
- and siphon your gas
- Talking of gas, you fill up at a Shell station, only to realize the gas really isn’t gas, it’s vegetable oil and sand
- Oh, that gas station isn’t a Shell station, it certainly looked like one, but they took your credit card details anyway
- As this all goes on, you can’t see the adversary
- And the adversaries are sharing new weapons with each other