Thoughts on Security Analogies


I thought I would share Michael Howard's recent blog on "Security Analogies are Wrong".  I agree with Michael take on Security Analogies as I hear them all the time but I thought his post was hilarous as he turns the tables with his counter analogy:


If cars operated in an environment like the Internet, they would…



  • Be driven by people with little regard safe automobile operation.

  • Have their windshields shot out every 60 secs.

  • Once you have bullet-proof glass, the bad guys place nails at freeway off-ramps next to signs like, “free coffee this way”


    • and someone is always trying to steal your keys

    • and pull out your sparkplugs

    • and siphon your gas

  • Talking of gas, you fill up at a Shell station, only to realize the gas really isn’t gas, it’s vegetable oil and sand

  • Oh, that gas station isn’t a Shell station, it certainly looked like one, but they took your credit card details anyway

  • As this all goes on, you can’t see the adversary

  • And the adversaries are sharing new weapons with each other

Skip to main content