It seems like a simple statement, but software developers don't intend to write code with security problems. No one that I have worked with has admitted to intentionally writing security problems into their code. But, as we all know, software security holes appear all too often. According to the SecurityFocus vulnerability database (http://www.securityfocus.com/vulns/stats.shtml), around 100 security vulnerabilities have been reported each month since May of 2000. Almost everyone agrees there is room for improvement across the whole software industry.
There are numerous places to read about software security vulnerabilities. Some industry-wide resources include the following:
The SANS (System Administration, Networking, ...