News broke early Friday morning that the DAO had been exploited using a code error (first described by Peter Vessenes) in the DAO software that caused the exploiter of the DAO ("Exploiter") to be paid extra amounts of Ether ("ETH") held by the DAO when executing a split proposal which created a new child DAO containing the extra ETH taken from the DAO and placed that child DAO within the Exploiter's control.

Unlike mass consumer software, which is typically rigorously tested before release, the DAO was released more or less in alpha or beta condition. This means that it had likely not been robustly tested and was likely to encounter error states or behavioral outputs not yet observed. Although I cannot speak specifically to Slock.it's quality control efforts, even large software development companies release buggy code.