undefined | Better HN

0 pointswdewind8y ago0 comments

> The main reason systems aren't secure is lack of simplicity.

I don't think it's that simple.

There are two ways you can look at simplicity:

1. The lack of needless complexity, which is just another way of saying something is well built

2. Smaller modular components that do less and have clearer interfaces, ie: the unix way.

If you mean the 1st, then sure, the main reason systems aren't secure is lack of being well built.

But if you mean the second, all you're really doing is taking security concerns and spreading them out over more components. This makes them easier to reason about, but also means more entities need to reason about them. Like all things in engineering there are only trade offs, no pure wins.

0 comments

sillysaurus38y ago

To an extent. But a simpler interface is also easier to pentest. That means a pentest is more likely to catch a problem.

Pentests can't catch everything, so a simple system costs less to secure.

j / k navigate · click thread line to collapse