Generally these weird roundabout constructions used in English (not my native language). Like "I'm going forward to do X". There's always a bit of padding in language, but English seems to be very "paddy".
Oh, and very non-descriptive words for very specific things. Like washer. What is a washer? It doesn't do any washing. In German, we call these things Unterlegscheibe. A disk (Scheibe) to put (legen) under (unter) something. Says exactly what it's doing.
Well, I would say it absolutely is possible, but it costs money directly, up front and in an accountable manner. Security incidents vanish in the fog of responsibility diffusion and nobody specifically can be blamed. That means for each individual responsible party, it is the rational choice to do just enough not to be blamed, pull off theater to seem engaged, but avoid anything that would actually cost money.
So, you're kind of right, but for the wrong reasons. It's a systemic issue that almost inevitably happens in large organizations, but at the root is not inherent complexity, but a perverse incentive structure.
The reality is: security is often non-existent in larger corporations. It's all about optics and insurance. Hardly any project I've been involved with actually did something for security. It's a cobbled-together mess with just enough security theater to not be legally liable. That's it.
Case in point: I know of a database that holds data for pretty much all adult persons in Germany, Austria, Switzerland and some people from surrounding countries. The root password contains the company's name and the year the DB was initially set up.
Spring annotations in general. There's a completely hidden bean context where every annotation seems to throw interceptors, filters, or some reflection crap into. Every stack trace is 200 lines of garbage, every app somehow needs 500 MB for just existing, and if you add something with a very narrow scope, that suddenly causes something completely unrelated to stop working.
Realistically, DI and all the Spring crap does not add anything but complexity.
What really baffles me is how bad we (as an industry) are at actually using engineering to leverage these frameworks.
It seems to me like 90% of the regular, boring business software falls into a handful of categories, where in each category the same problems get solved again and again and again. Frameworks do help, but by far not as much as I'd expect.
Just think about how much software is essentially form>validation>transformation>persistence>messaging. It's always the same, yet if you'd want to write one of these apps, you'd start with a rather bare-bones Spring Boot/Quarkus app and maybe a React frontend that doesn't have any connection to the backend, so you have to manually plug them into each other.
Even doubling the salary is far less than what you'd pay in the US, and as a rule of thumb, German labour, including all the indirect costs, is about twice the gross salary.
In the sense, medicine is applied physics, just as everything else.
Thing is, you always break down a problem into just enough details to solve the problem. Not more. No physicist studying, say, airflow over the Atlantic will take quantum effects or relativistic effects into account. Magnetic fields are also ignored. Even clouds are surprisingly "low res" in most simulations.
That's pretty much the same in most fields, especially in the engineering direction. Idealized gases are idealized, steel beams are assumed to have a certain stiffness just by convention, and your entire existence is represented by a bunch of form fields stored in a database somewhere.
Why is the nose necessary? Standard wojak and a flag would have been fine.