[viraptor]

https://en.m.wikipedia.org/wiki/List_of_tools_for_static_cod...

They're either going to miss things or have false positives. They sure improve the situation, but you can't find all of the issues automatically.

[stcredzero]

Granted. But it will at least raise the bar for building an exploit package from "knows how to code" to "knows how to code, knows something about exploits, and knows how to avoid detection by an automated scanner."