Security soft companies are just like any other company with financial budgets, staff, operations, etc. There is a whole range of business issues that influence software development, first and foremost of which are money, staffing and the current state of technology. Those are essentially the same limiting problems faced by most technology companies and are different for each security soft vendor. Each security soft vendor has its own unique set of challenges in improving its products. There is no single answer to your question as the reasons vary widely.
I can tell you that most vendors do their best to improve their products with the resources that they have at their immediate disposal. Vendors are not negligent or lax, which is what a lot of users seem to think: "There was a bypass video posted two months ago - why isn't it fixed? Your product suxx!" Everybody expects things to be fixed yesterday and it just doesn't work that way. Sometimes there are circumstances that result in things not being fixed for a long (maybe very long) time. And there are things that a particular vendor just might not ever fix for a lot of reasons - whether end users agree with those decisions or not. Microsoft does it all the time, but if it is AV vendor X, then "Your AV suxx!" is the reaction.
Massive user ignorance is a big part of the problem too, but I won't go into that here.