It's pretty simple why. Computers are highly complex systems with millions upon millions of lines of code. No human being (or group of humans) can write perfect code for complex applications. It just isn't possible. It's the same problem with hardware.
Perhaps one day there will be automated techniques and algorithms that can be ran to mathematically prove to correctness of code, but so far such techniques are limited in scope. The
L4 microkernel people claim to have done it with their kernel code, but others are skeptical of what their formal verification really proves. For instance, the L4 project assumes the following:
quote:
We assume correctness of compiler, assembly code, hardware, and boot code.
There is no reason to "assume" any of those things. Therein lies the problem -- such proofs usually rest on assumptions.
Now does this mean we can do better with writing secure code? Sure. But perfection is far from attainable with current programming techniques and technology. And as long as code remains imperfect, there will always be people like PinkyPie out there who can find the flaws. It will probably take a radical rethinking of computer architecture and programming languages before we can even begin thinking about having provably secure systems.
This pioneer of computer science is working on doing just that.