This is an all too common theme in computer security: shouldn’t we learn from the military? After all we are dealing with attack and defense, just as the military, and there is strategy and tactics in both fields, and military victory—or defeat—is just about as mysterious as computer security or insecurity. I think the military analogy is flawed and unlikely to take us anywhere. What we are doing is different in almost every important respect.
First of all, in computer security we do not engage in battle. A battle, conceptually, takes place between two (or more) of a kind. There may be considerable and obvious asymmetries, such as in guerrilla warfare or when one army has more advanced capabilities than another, but there is no intrinsic asymmetry. In particular, each party involved engages in both attack and defense and combinations thereof. I am tired of those military metaphors in computer security weiterlesen
Sicher ist sicher? 