On Tue, 13 May 2008 05:22:19 +0000 (GMT) Paul Ferguson wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Silly question, but I cannot for the life of me recall who
> coined the analogy (and actually, I can't recall the exact phrase)
> of network security being a matter of "soft and gooey inside, and
> hard and crunchy outside".
>
> Does anyone have a reference to the original coinage of this
> analogy?
>
> Thanks,
>
> - - ferg

[...]
"Unfortunately, many of today's e-businesses implement the direct opposite of a citadel," Arnold writes. "This can be viewed as an 'eggshell' security model: hard outer shell, soft in the center."

Also sometimes referred to as 'M&M security model'.

Interview with Tom Arnold:
http://itmanagement.earthweb.com/secu/article.php/791191

Whitepaper "An Electronic Citadel: A Method for Securing Credit Card and Private Consumer Data in e-Business Sites":
http://www.siia.net/software/pubs/aec-01.pdf

This is the earliest mention of that phrase I could find.

HTH

Pedja

--
I am logged in, therefore I am.
