Simplicity in the overall design of the system is important for security because a system that software architects and developers have a difficult time understanding is one that may not be secure. A more complex system makes it more difficult to reason about all of the different threat possibilities. There is a greater likelihood of a mistake being made during implementation, configuration, or the use of a software system when it is complex.

Software systems that are more complicated tend to have a larger attack surface. As long as requirements are being met, simple and elegant designs should be favored over complex ones for a variety of reasons, one of which is security. As was mentioned in discussing the principle ...