One might ask why we need security patches in the first place and why can't we write secure software from the beginning.

Aren't we just trying to do to much and releasing defective software. Why is it accepted?