Security Analogies are usually Wrong
I have long believed that if someone makes an argument and uses an analogy, then the argument is often weak. But that’s just me!
This is why I usually roll my eyes when I hear statements like, “If [bridges|cars|airplanes] were built like software then…” because comparing physical items and software is just wrong. They are not the same thing, you cannot compare them.
That being said, I thought I would offer a counter-analogy.
If cars operated in an environment like the Internet, they would…
- Be driven by people with little regard safe automobile operation.
- Have their windshields shot out every 60 secs.
- Once you have bullet-proof glass, the bad guys place nails at freeway off-ramps next to signs like, “free coffee this way”
- and someone is always trying to steal your keys
- and pull out your sparkplugs
- and siphon your gas
- Talking of gas, you fill up at a Shell station, only to realize the gas really isn’t gas, it’s vegetable oil and sand
- Oh, that gas station isn’t a Shell station, it certainly looked like one, but they took your credit card details anyway
- As this all goes on, you can’t see the adversary
- And the adversaries are sharing new weapons with each other
And you thought you were going to work this morning!