The Absolute Zero

The rule number 0 in Type Driven Design is:

No code = no issues. No sinks = no vulnerabilities. No user controlled input = no vector of attack.

Based on that:

• always delete obsolete, dead, unreachable code.
• do not ask user to provide more input than needed. In number of situations needed data can be generated by the system. e.g. name of the uploaded file