"One of the reasons why vulnerabilities are still common-place is because new generations of developers are making the same mistakes. I don't put the majority of the blame on them because they may not know any better. Many of the people that I know who've attended college don't have training for programming securely and the few that do only have these classes available in grad school (and this isn't the norm). Even then these courses are only covering buffer overflows and don't get to cover some of the popular vulnerability types such as sql injection or xss. For starters the majority of programmers don't have masters degree's or access to secure development training, and need direction on security practices which can take months, even years to develop on their own. The problem is that until they have these security skill sets they may be writing vulnerable code."