This is not a question of being able to predict the future. It is a question of not making the most common, stupid mistake imaginable. For every year since they started keeping track, the most common cause of security holes announced on CERT has been the buffer overflow. This is true despite the fact that there have been programming environments for decades which stop this bug cold.

At what point do you stop saying, "That is life." and start saying, "That is negligence?"