People, time for some perspective...
It is well known in geek circles that we all get a nice warm glow inside when our projects compile without errors, especially if it's a first-time compile of a major chunk of code. And if it happens without errors AND without warnings, well hell, it's beer time!
This, I should point out, is evidence that our code is acceptable to the compiler and can be translated into a workable executable and that we've not mistyped any variables. And, with some better compilers, we've not done idiot mistakes like "if (blah = 1)" (instead of ==). But it is no guarantee that the code actually works correctly, or that it doesn't splatter crap to 0x0 thanks to an inadvertant use of an uninitialised pointer. Oh, and don't moan that it is a problem with C, you can make even more majestic cock-ups in assembler!
We really should expect reliable code from the likes of Microsoft given their resources, but ultimately we have to accept that a modern operating system is so big one single person simply cannot understand it all, line by line. So we have people who will have their own little specialties, like the ethernet stack or the GPU driver or the pagetable/MMU blatter. But then we come to asking how well does this person know their bit of the equation. Not specifically in providing the features, but also in isolating from things that could go wrong. Take for example the various ports (Firewire etc) which would allow DMA to system memory to relieve the processor from a lot of the interfacing issues. For most hardware on the market, this is just fine. However once somebody devises a way to create a special bit of hardware to pwn a computer by spitting data directly into system memory, bypassing all of the driver's security and the OS's security, suddenly it is a problem - and who is to blame? As a coder or designer you now have to consider not just all of the things your project CAN do, but also all of the stuff it shouldn't. Miss one, there's a potential hole waiting to be exploited.
Don't mistake a genuine bug or sloppy code with vulnerabilities specifically exploited, for today's exploits are akin to saying your car is insecure and worthy of theft because the windscreen did not prevent a sledgehammer... This cycle of patch/attack will never go away. It will just, as systems get more solidly built then the attacks will become ever more ingenious. The concept of a totally secure no-patch-necessary cannot-be-hacked operating system is a dream, only really possible if a system is installed, has NO connection to the outside world, and never takes a program or data from an external source. For the rest of us...