Why isn’t software more secure?

What makes software insecure? What vulnerabilities are there in software? Why are they always discovering new holes & vulnerabilities in our software and systems? Doesn’t testing take care of these problems? What’s an enterprise to do about insecure software?