To quote from the above book:
"Security usually fails at the seams-at the point where two systems interact-seams between security systems and other systems, seams between parts of a security system."
Presumably this would hold true of any systems in general; an application is more likely to fail at the interaction point with the OS, or the OS with the hardware (?). A hammer and nail can be sound as individual objects, but are most likely to fail when they interact… ???