Complexidade do software é razão para a falta de segurança?

um artigo que discute essa ideia:

Shin, Y. and Williams, L., Is Complexity Really the Enemy of Software Security?, Quality of Protection Workshop at the ACM Conference on Computers and Communications Security (CCS) 2008, Alexandria, VA, pp. 47-50.

Software complexity is often hypothesized to be the enemy of
software security. We performed statistical analysis on nine
code complexity metrics from the JavaScript Engine in the
Mozilla application framework to investigate if this hypothesis
is true. Our initial results show that the nine complexity
measures have weak correlation (ρ=0.30 at best) with security
problems for Mozilla JavaScript Engine. The study should be
replicated on more products with design and code-level metrics.
It may be necessary to create new complexity metrics to
embody the type of complexity that leads to security problems.