It’s less about lines of code and more about scope of functionality.

> Minimize code ruthlessly. Minimize functionality ruthlessly.

> More LoC is always a greater attack surface

More… than what? What does the counterfactual look like? If I only care about 1 application in a vacuum, reducing LoC is not terribly difficult. If I run my application on any modern OS, I depend on thousands of applications, daemons, libraries, and a kernel. I would far rather their developers take reasonable efforts to import common libraries when appropriate. The aggregate LoC of an ecosystem is more important than the LoC of a single application.

Also, telling people the metric of relevance is LoC is wrong and will lead people to game the metric, losing sight of the actual goal of code quality. There are infamous examples of Perl code golf; they optimize for LoC, but aren’t at all useful for code quality or security. Far better to expand LoC a reasonable amount in favor of developer readability and to reduce complexity.