How is it that such well-known security holes continue to exist? I understand that it is easy for a program to miss such a thing with so many problems to take care of, but with the widespread use of tiger teams and new ways of testing such software, an automated complete tester even, one would think that such problems would be rooted out before a product is released.

Does anyone know -why- this tendency exists? If we can figure that out, perhaps we can help stop this trend, or catch such problems sooner.