...

Dynamic analysis (including fuzz testing) can be automated, and can detect and verify some code flaws. Unit testing and regression testing can also be automated, and provide useful security checks to a codebase.

For some code flaws, automated detection methods are too costly (they take too much time, memory, or disk space) to be practical. Makers of automated detection tools (both proprietary code analysis tools and cost-free, open-source code analysis tools) must weigh the ability to check for a particular code flaw against the average user's cost, the user's interest in finding that code flaw, and the false-positive rate of that particular code-flaw checker. Checkers with high false-positive rates tend to displease tool users. For a detailed discussion of these issues, see the article A Few Billion Lines of Code Later: Using Static Analysis to Find Bugs in the Real World.

...