This point of view smacks of "if we just worked a bit harder/longer we'll be able to build a perfectly secure system".
It aint gonna happen. Not for a system as sprawling as the internet, not for a system with as complex requirements as an operating system.
The more you know about security, the easier it seems to do what is required to improve security - but you have to have very tight control of platforms to be able to follow through on implementing that security. And tight control prevents innovation. Often, security reduces the usefulness of a product.
Convincing everyone in the IT world that they need to spend $ on educating developers and implementing security features is an insurmountable task - and even if you manage it, you still won't be done, because the security issues we understand now and have fixes for are only a subset of all security issues. New types of holes will be found continuously.
Of course, end user training might still be a waste of money - I can't deny that.