funsec mailing list archives

Re: Origin of: Soft & Gooey, Hard & Crunchy


From: Predrag Ivanovic <predivan () nadlanu com>
Date: Tue, 13 May 2008 13:55:27 +0200

On Tue, 13 May 2008 05:22:19 +0000 (GMT)
Paul Ferguson wrote:

Silly question, but I cannot for the life of me recall who
coined the analogy (and actually, I can't recall the exact phrase)
of network security being a matter of "soft and gooey inside, and
hard and crunchy outside".

Does anyone have a reference to the original coinage of this
analogy?

Thanks,

- ferg

[...]"Unfortunately, many of today's e-businesses implement the direct opposite of a citadel," Arnold writes.
"This can be viewed as an 'eggshell' security model: hard outer shell, soft in the center." 

Also sometimes referred to as 'M&M security model'.
Interview with Tom Arnold:
http://itmanagement.earthweb.com/secu/article.php/791191
Whitepaper "An Electronic Citadel: A Method for Securing Credit Card and Private Consumer Data in e-Business Sites":
http://www.siia.net/software/pubs/aec-01.pdf
This is the earliest mention of that phrase I could find.

HTH
Pedja
-- 
 I am logged in, therefore I am.
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

