You should read my comment again, because your reply is essentially repeating what my post said to begin with. Do people treat security poorly in the IT industry? Yes. Can security be strengthened by more rigid standards and harsher penalties for failure? Yes.
What I responded to, and I'll quote it again, was "Cyber espionage, crime, and warfare are possible only because of poor application or system design, implementation, and/or configuration." The implication here is that these things are NOT possible if systems are not poorly designed, implemented and configured. That's a load of bullshit. Even with the best security advancements available you are simply not immune. To suggest otherwise is to display ignorance on the subject.
Would you concede that (say, by using managed languages) eliminating all buffer overflows would be a huge step in the right direction? We have the capability of doing that. There is still the impossibility of ever conclusively proving that a given piece of software is completely free of all possible bugs, but that's a lofty and unrealistic goal. There are many feasible steps we could take that are realistic. We generally don't take those steps because the trade-offs involved don't fit our priorities. They usually mean more effort and therefore more expense, but government is the one institution that does not need to make a profit.
Referring to your original post, there is a huge difference between "this doctor is incompetent and is guilty of malpractice" versus "cure all diseases all the time". I am essentially agreeing with you, except I think that with the latter case, you're going to an absurd extreme that no one is realistically suggesting. That was my point.