Programmer Or Insecure Data Entry Clerk?


Today I took another look at the Security Focus, NIST and Milw0rm databases to see today's vulnerabilities. I tend to look at them every day, and each time I am amazed. The common theme is that programmers make the same mistakes over and over again. Bug lists like the ones above have been spilling vulns day in, day out, for how long? Well, let's say 10 years. I know why: the reason they have vulns is that they cannot write a good piece of software, because they don't know jack shit about programming. I have been programming for over 8 years now, and I took literally 3 years off to sit down and learn how to program the right way.

One reason is the PHP and ASP programmers, or I should say scripters, because the language layer does the work for them. They are not programmers; they are a bunch of people who wanted to write code and wound up as data entry clerks, jamming on their keyboards entering insecure code. Ask around. Ask your programmer what a buffer is, or about the various types of encoding, or what base 2 is. Did they read the RFC documents? Hardly, and that is a sad fact. Most of them just use and re-use the pre-built functions of the language without knowing what those functions do, or how they could hurt them.

Why do you think guys like us can find flaws? Mostly because we know how shit works from the start, and if we don't know something we find out, becoming experts, becoming real programmers. It is a nice journey and there is a lot to be learned and explained. One thing I do know: those vulnerability lists would shrink one day if they had the same mindset we do. Will it happen? I don't think so. Programming was an art form; now it is reduced to mere data entry, so those lists will keep growing, and we will be there waiting.


Trackback URL for this post: http://www.secgeeks.com/trackback/1051