Newer is better?
"...since SHA-3 was officially released as a standard in 2015 you should choose that if it's available in your implementation... it's only been around for a short while and hence people have had far less opportunity to break it than the its 2001-launched predecessor."
Wouldn't it be wise to wait a while, give more people the opportunity to try to break SHA-3? I'd say we're less sure of how secure something is, if less attempts have been made to break it.