This week's book giveaway is in the OCAJP 8 forum. We're giving away four copies of OCA Java SE 8 Programmer I Study Guide and have Edward Finegan & Robert Liguori on-line! See this thread for details.
All types of security assessment (automated scan, static analysis scan, manual code review, penetration test, etc) have advantages and disadvantages and this document helps to differentiate between these types of assessments.
Hopefully, you can use the qualities identified in this document for a solid "security assessment" as a source of principles to guide you to choosing a particular tool or vendor.