WebApp Sec mailing list archives

RE: simplicity improves security?

From: "Simon Zuckerbraun" <szucker () sst-pr-1 com>
Date: Wed, 14 Sep 2005 16:14:38 -0500

"Complexity is the worst enemy of security."
- Bruce Schneier, *Secrets and Lies* p. 354

"A more complex system is less secure on all fronts. It contains more
weaknesses to start with, its modularity exacerbates those weaknesses, it's
harder to test, it's harder to understand, and it's harder to analyze."
ibid, p. 357

Simon

-----Original Message-----
From: Saqib Ali [mailto:docbook.xml () gmail com] 
Sent: Tuesday, September 13, 2005 10:02 AM
To: webappsec () securityfocus org
Subject: simplicity improves security?


Hello All,

I am looking for a quote to end an presentation, that talks about how
simplicity in an application can improve the security, whereas a more a
complex application will be more prone to security related issues.

Any quotes from any security gurus? 

-- 
In Peace,
Saqib Ali
http://www.xml-dev.com/blog/
Consensus is good, but informed dictatorship is better.

Current thread:

simplicity improves security? Saqib Ali (Sep 13)
- RE: simplicity improves security? Simon Zuckerbraun (Sep 14)
- Re: simplicity improves security? Robert Hajime Lanning (Sep 14)