We investigated errors and vulnerabilities that emerge from software defects in C/C++ and Java programs. This allowed us to create a meaningful testbench in order to evaluate best-of-breed automatic source code verification tools. Our results show that current static tools cannot significantly reduce the risk associated with confidential data processing in a military context. Dynamic tools should be used in conjunction in order to provide the necessary assurance level.