The allure and curse of complexity
The number of vulnerabilities present in a particular system is affected by several parameters. One of these parameters is complexity. The more complex a system, the more likely a mistake will be made during the development of the system, which will ultimately result in some undesired effect (read: security vulnerability). This basic rule doesn't really require an in-depth explanation, as it deals with a pretty basic concept.
Fortunately for us, complexity goes against the core philosophy of UNIX. In the words of Doug McIlroy, this is the Unix philosophy: "Write programs that do one thing and do it well. Write programs to work together. Write programs to handle text streams, because that is a universal interface." That being said, complexity appears to be something that's embraced by certain operating systems, and shunned by others.
By Jason Miller at SecurityFocus.
[ Read more ]