It's a bit surprising that this list would need to be made, but then again not.

Over the years, we've developed a list of issues like these, that we call the 10 Immutable Laws of Security.

[ Microsoft TechNet: 10 Immutable Laws of Security ]

Did they call the list "Immutable" from the start?

I do believe that we need to start younger teaching things like security. Most security systems need to be explained to be successful, and many of the exploits are the same exploits that have been taken advantage of for years just wrapped up in a new package. The real issue is the changing of our culture so that average joe user understands the dynamic and can guard themselves against black hats and ignorance exploitation.