The static analysis technique was introduced by King in 1974 as a way to understand and debug programs rather than to find vulnerabilities in them. Static analysis emerged as a major security subject in 2000, after a dissertation by Wagner. Since then, more than 40 tools, open-source or commodity, and 11 techniques have been introduced to the system security world. However, as reported by major security advisors and experts such as Microsoft Security Advisor, Secunia, SANS Institute, and Symantec, vulnerabilities still exist and exploitation is still at large. To this date, there are numerous possible reasons why the community is still facing software security issues. One of them is the effectiveness and efficacy of static analysis in preventing these issues.
I wrote a paper which discussed those issues and proposed ways to overcome the limitations of previous solutions, titled "PREVENTING EXPLOITATION ON SOFTWARE VULNERABILITIES – WHY MOST STATIC ANALYSIS IS INEFFECTIVE?", which was presented at WEC 2010.
Anyone interested in that paper may email me here.
Friday, April 8, 2011