Here is a fun paper summarizing this year's RSA conference (The Roaring 20's of security? News.blog CNET News.com). Despite some pessimistic - but likely truthful - comments, it ends on a positive note: "Security is a constantly changing beast so there will certainly be an entirely new crew next year and lots of Champaign flowing back in good old San Francisco."
Also see this comment after the paper about what DID come after the 20s - "The Great Depression." Specifically, the reader says: "There are many, many companies who are about to be useless, just like the article says. In a decade, security will be a non-issue as big vendors catch up and actually write software in a secure way from the IDEA up. "
I am actually preparing a longer blog post on that very subject... And, as a preview, the answer is "no, security will never be 'done'" even if secure coding practices become more widespread (and they won't).