Real prioritization of software security (or quality for that matter) would require a radical rethink of our current software practices. It would be too costly, no one is ready to pay for it, so instead we hobble along with the current clusterfuck. As long as the current approach doesn't lose anyone billions of dollars, it will be deemed good enough (and even if it does, the cost of a secure rewrite of everything would probably be closer to trillions, not billions).