Before I am going to elaborate, yes - technology will be only part of the fix. But technology will be a major part of better security !
Here is my list of security technologies:
Sandboxing:Google Chrome's Sandbox is an excellent example of how to limit damage from faulty code. Much more could be done by using this approach in many other file formats and use cases. Other interesting approaches are AppArmor, SE Linux and Linux Security Modules in general.
Formal Proofs:The problem with sandboxes and operating systems is of course their correctness. If the sandbox has exploitable bugs, it is obviously of little use. It would make a lot of sense for governments to pay for formally verified operating systems,VMs, sandboxes and compilers. And of course for research towards cost reductions in formal verification, as it is currently extremely time-consuming, difficult and expensive.
Memory Safe Programming Languages:The best part of all security issues can be directly blamed to the insecure-by-default approach of C/C++. Buffer overruns, uninitialized pointers accessed, freed pointers accessed, pointers doubly freed and similar issues are responsible for the majority of exploits. Just using memory-safe programming languages such as Spark Ada, Perl, C#, Java or Sappeur (created by myself, see
http://sourceforge.net/projects/sappeurcompiler/) would immediately reduce the number of exploitable bugs by at least 60%.
In many application fields you cannot use sandboxes. Think of indexing engines that index the web - by definition a hostile place. It is quite inefficient to start a new indexing process for each and every document crawled.
Virtualization:If you have a properly (ie. no exploitable bugs) implemented virtual machine, this could act like a Sandbox on the operating system level. Unfortunately, as the HB Gary hacks have exposed, current virtual machine technology is not safe enough. Governments could possibly finance verification efforts here, too. (Private companies don't really have a strong incentive to do that from a money-point-of-view)
Research:Clearly, extensive research into security technologies and their application in real-world-scenarios is required. Security technologies must be nicely enmeshed into user's business processes. Overly restrictive or overly time-consuming technologies/approaches will be circumvented by users. A lot of work in how to make security tech actually ergonomic has yet to be done.