There seems to be a myth that malware and cyber-attacks can be vanquished with simple modifications to existing software, and that these known remedies are being withheld from the public by the geniuses who work in Silicon Valley or Redmond at the behest of their evil masters who see cyber-crime as a profitable partner. There is no doubt that the computer security industry is largely dependent on the computer criminal industry for its success, just as the armored car industry depends on robbers to justify the cost of their services. It does not follow that there is some kind of conspiracy between the two mutually beneficial actors. Do you think that the banks, which lose billions of dollars to cyber-crime annually, could not afford to buy security that works flawlessly if it were available?
For the legitimate software industry as a whole, the relationship between business and cyber-crime is much more adversarial. Microsoft makes no revenue from the endless string of security patches, and aside from scaring the bejesus out of the millions of users who find XP meets all of their real needs in an OS in order to stimulate a new round of upgrades, they have made little effort to profit from it. The infamous security flaws in Java have produced far more embarrassment than revenue.
For most application developers, security is a pure waste. When was the last time you saw a Sonar update that was "required" to fix a security issue? As a matter of fact, given the reluctance of users of audio applications to use basic security measures, and the shortage of honest programmers with high-level security skills available to the industry, the music software category is probably a sitting duck for malicious exploits. Luckily, it is probably perceived as a small market, so, like Linux and Mac OS, it presents a less tempting target to the really talented criminals.