You don't think people are trying to find underlying causes? OWASP? CERT? Every university with an IT security program? Every OS maker? Every web server author? Every database author?
There are plenty of highly motivated, well funded, intelligent people working on these problems. The fact is that security is not a mathematical absolute, and no such underlying cause exists, despite your imaginings. There is no grand conspiracy creating security problems.