Comment by yencabulator

2 days ago

"Looking for vulnerabilities" is not really a core part of creating secure software. That part of the infosec trashfi^Windustry is all about already deployed software.

You can only get somewhere close to creating secure software by constructing something that is secure by design. Think narrow-interface sandboxes and encoding visibility scopes into types, not "scan for known bad things".