From an interview with Microsoft’s General Manager of Platform Strategy, Michael Taylor:
When you look at the issue of buffer overruns, eight to 10 years ago in software development, you did not know how much space you might need for something so you just create a big buffer zone to allow things to happen. Who knew that people could go exploit that and use that buffer space to do malicious things?
8-10 years? Hmm…
In 1988, the Morris worm used a buffer overflow in a Unix program called fingerd to propagate itself over the Internet. Even after this incident, buffer overflows were virtually ignored as a security issue.
Somehow that explains a great many things.