In the midst of all the vulnerability disclosure and month of “X” nonsense, Ranum has a great review of using a source code tool to find security flaws in software – you should read it (here). You, yes, you stand still laddie! – need to also read “The Future of Secure Application Development” (here)
Although not the purpose of Ranum’s article, it did start some comments around vuln pimpin’ (here), and (here), which is probably going to cause an uproar in the nerdcore set. I suppose full vs. responsible disclosure is our industries version of the east coast – west coast rap wars.