Why less may be more when building Web3

cointelegraph.com:

To build secure and resilient Web3 systems, transparency alone is not enough. By placing greater emphasis on simplicity, we can make the peer-review of code more effective and minimize security breaches in the Web3 space.

We are used to the intuitive idea that security is somehow intertwined with secrecy. We keep our passwords secret and our valuables hidden. For decades, software engineers followed a similar approach to cybersecurity. The source code of computer software was kept private. In the event of a vulnerability, a security patch would be released. This was and continues to be one view of security: “security through obscurity” and we have to trust the patches that are pushed — without our knowledge or consent — to our computers and phones will do what they are supposed to do.

Proponents of open-source software took a radically different view. They argued that making code transparent and publicly available would mean developers could review and improve the code, and would have the incentives to do so. Under those conditions, security issues could be identified, corrected and peer-reviewed.

Since then, open-source software has gained broad market penetration. Although only a small percentage of users run Linux distributions on their PCs or laptops, in the background, it is quietly powering much of the internet. An estimated 96% of the million largest web servers globally run on Linux, which also powers 90% of all cloud computing infrastructure. When you bring Android into the picture — the Linux fork running on over 70% of smartphones, tablets and other mobile devices globally — it’s clear that the modern internet as we know it is massively influenced by open-source systems.

Of course, the pervasive presence of