To build secure and resilient Web3 systems, transparency alone is not enough. By placing greater emphasis on simplicity, we can make the peer-review of code more effective and minimize security breaches in the Web3 space.
The rise and fall of security through obscurity
We are used to the intuitive idea that security is somehow intertwined with secrecy. We keep our passwords secret and our valuables hidden. For decades, software engineers followed a similar approach to cybersecurity: the source code of computer software was kept private, and in the event of a vulnerability, a security patch would be released. This was, and continues to be, one view of security, “security through obscurity”, under which we have to trust that the patches pushed — without our knowledge or consent — to our computers and phones will do what they are supposed to do.
Proponents of open-source software took a radically different view. They argued