While there certainly is some blame on the programmers (to the extent that it is useful to even assign blame), I would say it is hardly fair to blame programmers for most mistakes.
Bugs are a fact of life - the presence of bugs can hardly be blamed on a specific programmer. Rather, it is a result of the resources assigned to a project and its quality assurance. Yes, at the end of the day it comes down to the lines of code written, but everything and anyone involved in the process up to that point (like designer, project managers, people managers and of course executives at the top) are to blame as well. Especially the decision-makers who deprioritized security or quality assurance are especially to blame, much more so than the programmer who wrote the line.