Isn't she missing the point? It is not the source code that is the problem -- it is the developer.
Well ofcause you can improve the quality of your code by educating your developers, but you cannot avoid doing code review. Developers are lazy and they will commit errors.
I liked the roundup of security tools, a pity not all products are explained online.
Does anyone know more about the Fortify product? Gary mentioned it in his webcast the other day.
Regards,
Mads
