Conspiracy of Optimism
These things happen only because almost everyone is quite prepared to believe that a piece of software must be ok if everyone else is using it too. Almost everyone is too busy/lazy/ill equipped to actually check code they're borrowing.
That places a heavy burden on the designers and implementers of software. There are things out there that can help.
For instance there have been decent schema languages for defining interfaces since the early 1990s, e.g. ASN.1 schemas, and now JSON schemas. With the right tools it is very easy to define and implement an interface whilst making that interface very resilient to abuse. Any residual problems tend to be in the schema tools and libraries, which at least are a fix-once-fix-everywhere thing. How many buffer overrun bugs have we had? Lots. Yet they would not have happened at all had a schema and tools been used instead of hand written code.
In case anyone is interested my view on a reliable schema language is that it must be:
1) Typed. Messages define what message type they are
2) Size constrained. Arrays limited in length, checking enforced
3) Value constrained. Variables limited in value to a defined range, checked.
4) Extendible. Allow old code to handle newer versions of a message.
5) Choice of binary and text wire formats. Supports all needs
6) Support many languages (C, C++, Java, etc). It's a multi platform world.
ASN.1 and the associated tools does all of this, JSON Schema does all of them too I think (BSON comes to the rescue for 5?). Google Protocol Buffers does only 4 and 6, does 1 badly, same for Thrift I think.