Surely the answer is to stop relying on updates and patching to fix security holes after the fact. The software needs to be designed so that you know with reasonable certainty that it is secure as shipped, and further measures need to be in place to make sure that even if there is a vulnerability in one part of the system, it doesn't matter much. We have grown inured to releasing software with serious flaws* and patching it later. This would not be acceptable in any other industry. Yes, recalls and field modifications do happen, but they are the exception and considered an embarrassment for the company that shipped a faulty product.
* For the sake of argument, anything that lets an attacker get your credit card number without lots of social engineering may be considered a serious flaw.