Complexity can be thought of as a type of code smell: It doesn’t necessarily imply that there is a problem, but the presence of complexity is very strongly correlated with the presence of security vulnerabilities. In the design and construction of secure systems, it is important to not only consider mistakes which are guaranteed to cause problems, but to also consider factors which make it more likely that problems will arise—or, put another way, factors which make it harder to get things right. The notion of “complexity” is largely subjective, but our intuition serves us well…
Colin Percival, “Complexity Is Insecurity”