Good points, but there is a domain of these claimed problems which are covered by automated testing, that's all I'm saying.
And no, you can't find security holes with tests (unless they are random-input style tests, I guess), but you can at least cover the hole afterwards with a test.
And no, you can't find security holes with tests (unless they are random-input style tests, I guess), but you can at least cover the hole afterwards with a test.