Paul Kedrosky writes:

Most of us have heard the story of armoring British bombers, as it’s too good not to share, not to mention being straight from the David Brent school of management motivation. Here is the Wikipedia version:

Bomber Command’s Operational Research Section (BC-ORS), analysed a report of a survey carried out by RAF Bomber Command. For the survey, Bomber Command inspected all bombers returning from bombing raids over Germany over a particular period. All damage inflicted by German air defences was noted and the recommendation was given that armour be added in the most heavily damaged areas. Their suggestion to remove some of the crew so that an aircraft loss would result in fewer personnel loss was rejected by RAF command. [Patrick] Blackett’s team instead made the surprising and counter-intuitive recommendation that the armour be placed in the areas which were completely untouched by damage in the bombers which returned. They reasoned that the survey was biased, since it only included aircraft that returned to Britain. The untouched areas of returning aircraft were probably vital areas, which, if hit, would result in the loss of the aircraft.

…The trouble is, is it true? Did this bomber plating survey really happen, and did the the RAF, under the force of Patrick Blackett’s team’s analysis, do the contrarian thing of armoring the untouched parts of the bombers that came back?

I think it’s a fascinating question, (Paul points out how it’s spread in his post). In information security, we have a lot of ideas whose origins are lost in the mists of time. That’s all the more remarkable given that information security has been around for barely 50 years. We don’t have to lose our history.