3.8. Simplicity
Simplicity is a security strategy for two reasons. First, keeping things simple makes them easier to understand, and if you don't understand something, you can't really know whether or not it's secure. Second, complexity provides nooks and crannies for all sorts of things to hide in; it's easier to secure a studio apartment than a mansion.

Complex programs have more bugs, any of which may be security problems. Even bugs that aren't security problems in and of themselves do damage: once people start to expect a given system to behave erratically, they'll accept almost anything from it, which kills any hope of their recognizing and reporting security problems when those problems do arise.

You therefore want things as simple and elegant as possible: simple to understand, simple to use, simple to administer. But, as the maxim attributed to Einstein puts it, things should be made as simple as possible, but no simpler. Effective security is inherently complex; you want a system you can explain, but you still want it to work. Don't sacrifice security in order to get simplicity.