It’s not the 1970s rock band KISS I’m referring to, but the old engineering adage ‘Keep It Simple, Stupid’, here adapted to ‘Keep IT Security Simple’.
Simplicity in the user interface is an essential part of a user-friendly system. How does it look when you go under the hood – and how does complexity affect security?
You should not overcomplicate things; most systems work best when they are kept simple. This realisation has affected the design of user interfaces. Most user interface designers know that simplicity should be a key design goal. They do not always succeed, but they are aware of KISS.
How does it look for developers, the people who are building the systems and often the user interface?
JavaScript, the programming language that Brendan Eich initially created 22 years ago in just 10 days, has come a long way since it was called Mocha. You may like it or not, but today it’s one of the most widely used programming languages in the world; according to RedMonk, the most used programming language.
Libraries included several times
Another finding is that many websites include the same libraries many times (sometimes in different versions), which makes it difficult to predict which ones are used:
“Composition of content modules or third-party content in the same document can lead to duplicate inclusions of a library and potentially nondeterministic behaviour with respect to vulnerability”
“surprisingly often, libraries are not referenced directly in a page, but also inlined, or included transitively by other content such as advertising, tracking or social media widget code”
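A simple way to check a page for the duplicate inclusions described above, as an added example that is not from the original article: the sample HTML is constructed, and the function names and the URL-based name/version heuristic are assumptions of this sketch.

```javascript
// Constructed sample page; every URL and file name here is made up.
const SAMPLE_HTML = `
<script src="https://cdn.example.com/jquery-1.12.4.min.js"></script>
<script src="/static/vendor/jquery/3.1.1/jquery.min.js"></script>
<script src="/widgets/social/jquery-1.12.4.min.js"></script>
<script src="/static/app.js"></script>
<script>/* inlined code: not identifiable by URL */</script>`;

// Collect external script URLs and count inline <script> blocks.
function listScripts(html) {
  const external = [];
  let inline = 0;
  const tagRe = /<script\b([^>]*)>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const src = /\bsrc\s*=\s*["']([^"']+)["']/i.exec(m[1]);
    if (src) external.push(src[1]);
    else inline += 1;
  }
  return { external, inline };
}

// Heuristic (an assumption of this example): the library name is the file
// name without version/.min/.js, and the version is the first x.y[.z] in the path.
function identify(url) {
  const path = url.replace(/^(?:https?:)?\/\/[^\/]+/, '').split(/[?#]/)[0];
  const version = (/\d+\.\d+(?:\.\d+)?/.exec(path) || [null])[0];
  const name = path.split('/').pop().replace(/\.js$/i, '')
    .replace(/[.-]min$/i, '').replace(/[-.@]?\d+\.\d+(?:\.\d+)?/, '').toLowerCase();
  return { name, version, url };
}

// Group external scripts by library name and report any loaded more than once.
function findDuplicates(html) {
  const { external, inline } = listScripts(html);
  const byName = new Map();
  for (const lib of external.map(identify)) {
    if (!byName.has(lib.name)) byName.set(lib.name, []);
    byName.get(lib.name).push(lib);
  }
  const duplicates = [];
  for (const [name, libs] of byName) {
    if (libs.length < 2) continue;
    const versions = [...new Set(libs.map((l) => l.version || 'unknown'))].sort();
    duplicates.push({ name, count: libs.length, versions, mixedVersions: versions.length > 1 });
  }
  return { duplicates, inlineScripts: inline };
}

console.log(JSON.stringify(findDuplicates(SAMPLE_HTML), null, 2));
```

This only sees `<script src>` tags present in the static HTML; inlined copies are counted but not identified, and scripts added transitively at runtime by advertising or widget code need a check against the loaded page instead.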
Smart Tools for Developers
On a related note, I recently read an interesting interview with Erik Meijer, who worked at Microsoft for many years, where he created LINQ and worked on C# and Visual Basic among other projects. He now works at Facebook and points out that programmers need smart tools to manage the complexity of software development:
“Our world today is very complicated — we are dealing with distributed systems, all kinds of models, neural nets, frameworks, new languages. We don’t have the mental power to keep on top of every new innovation and idea … your brainpower is your most limited resource, so using smart tools is a good thing. Good developers understand they can’t do everything, and they know how to leverage tools as prosthetics for their brain.”
Hopefully, the smart tools do not add extra complexity and security issues. Keep IT Security Simple.
 Node.js is one of the worst things to happen to the software industry
 The RedMonk Programming Language Rankings: January 2017
 Conversations with Technology Leaders: Erik Meijer