It's easy to pin this on the Big Bad Companies more than willing to take your money peddling sub-par unfinished wares left and right - and they totally do deserve everything they get blamed for and more; but the truth is* all their cost-cutting and greed contributes to the problem of insecure software only peripherally - it does not create it.
Simply put, I don't think there's any field of human endeavour where piled-up complexity is comparable even within orders of magnitude with what is happening inside computers today; and it has long ago reached and far exceeded the limit of what we - or the tools we were able to create - can cope with.
Once it was feasible to write a piece of code on a Spectrum that did all you wanted done and exactly that, without any bugs. It was incredibly hard, but it could be done. It still can be done with a microcontroller with a few kilobytes of RAM and ROM. But not with any OS-driven PC or smartphone, with its gigantic spider-web of layers upon layers of libraries and frameworks and services all full of unforeseen edge cases and imperfect joints.
And that's only the parts that - against all our efforts such as they are - end up too rickety to support their own weight; we have yet to account for the myriad of other places where the bracing is more or less reasonably sound, but not armour-plated: all the code that manages to not collapse on its own but remains vulnerable to deliberate malicious interference. How much time does it take to create the best, most solid code we can possibly create, such as that governing spaceships and aeroplanes and weapons...? Years and years - and even so that code doesn't typically need to withstand getting picked apart and abused by adversaries, since most of it remains inaccessible to tampering.
Bottom line, since this rant is getting too long anyway: we would need to stop releasing ANY new software for a whole decade. Everything frozen in time. NO new features whatsoever - none. The world's entire IT industry, only hunting and fixing bugs and vulnerabilities. And you know what? After ten years, having gotten rid of everything we could find, there would still be countless bugs and countless vulnerabilities still remaining in all that code, only now a number of "Y" instead of "X". Not "some". Not "few". Not even necessarily "fewer".
I don't know what the solution is - what I do know is it's definitely not "focus harder", nor "patch harder". Neither of those will ever get us anywhere NEAR "no-bugs" or "no-vulns" nirvana. Not soon - EVER. We need something completely different if we are to ever get there, assuming it is even possible at all...
* Needless to say, all of the above is "IMHO".