Re: You are not really familiar with computer security, are you?
> That is part of what I'm talking about - is it a fundamental truth that invisible doors and papier maché walls will exist? If so, why?
Neccesarily. Whatever you need to do in computer security, securing Websites, Web-Apps or simply securing documents inside a company, you need to work with existing (and continually changing) hardware, firmware, drivers, operating systems, network protocol implementations, firewalls, management solutions, etc.
Every component you work with is updated regularly (if you do it right). This means a) known bugs a closed, b) new features are added and c) new bugs are introduced, every single one a potential new door.
On all architecture levels mentioned above - simultanously.
> too much reliance on "somebody else".
Yes, every application you create/run/maintain today sits on a ton of other software you cannot control.
OK, you _could_ try to create a for example document management solution based on your own Hardrware, firmware, drivers OS, own network stack, own firewall code and finally own application.
But you'd need to invest thousands (millions?) of man-years to create and test tons of new new code.
And with an overwhelming probablitity your own code will have many more bugs than the stuff already on the market that has been tested in in thousands of installationson.
So, yeah, relying on somebody else is a problem, but having to code everything up from bare matal yourself would pose a worse problem in terms of security, let alone feasability.
