Security Analogies are usually Wrong

I have long believed that if someone makes an argument and uses an analogy, then the argument is often weak. But that’s just me!

This is why I usually roll my eyes when I hear statements like, “If [bridges|cars|airplanes] were built like software then…” because comparing physical items and software is just wrong. They are not the same thing, you cannot compare them.

That being said, I thought I would offer a counter-analogy.


If cars operated in an environment like the Internet, they would…

  • Be driven by people with little regard safe automobile operation.
  • Have their windshields shot out every 60 secs.
  • Once you have bullet-proof glass, the bad guys place nails at freeway off-ramps next to signs like, “free coffee this way”
    • and someone is always trying to steal your keys
    • and pull out your sparkplugs
    • and siphon your gas
  • Talking of gas, you fill up at a Shell station, only to realize the gas really isn’t gas, it’s vegetable oil and sand
  • Oh, that gas station isn’t a Shell station, it certainly looked like one, but they took your credit card details anyway
  • As this all goes on, you can’t see the adversary
  • And the adversaries are sharing new weapons with each other

And you thought you were going to work this morning!