Simple is more secure

As a general principle, having fewer links in the chain means fewer links that can be weak. Fewer exposure points makes the "attack surface" smaller, and allows developers to concentrate more attention on securing the remaining areas.

Complex code and systems increases the likelihood of introducing bugs or making security mistakes. Simpler systems require less expertise to understand, review, and maintain.


Ways to simplify

  • Write code comments

  • Break up long sections of code into small functions

  • Use clearly named functions and variables

  • Turn off features you do not need

  • Have fewer dependencies on other code and libraries

  • Don't repeat yourself

  • Built-in functions are better than custom functions

Fork me on GitHub