Wednesday, January 10, 2007

"Teaching an Old Dog New Tricks" or "The Problem is Complexity"

First off, it gave me a much-needed booster-shot of humility about my code. Having a piece of software instantly point out a dozen glaring holes in your code is never fun - but it's an important sensation to savour... More importantly, it showed me that tools like Fortify really do work, and that they find vulnerabilities faster and better than a human... The "many eyes" theory of software quality doesn't appear to hold true, either. FTWK was widely used for almost ten years, and only one of the problems I found with Fortify was a problem I already knew about.
Read Marcus J. Ranum's article here. (He is Chief of Security for Tenable Security.)
