
Top tip? Sprinkle bugs into your code to throw off robo-vuln scanners

Dave 126 Silver badge

Given that released software does contain genuine bugs, it is evident that software devs can't find them all. This suggests bug scanners - and other methods of finding bugs - can't find all bugs all the time.

So if you suspect you have some genuine cracks in your castle wall, it does you no harm to paint some fake cracks as well.

When I first read the article, I was reminded of honey traps - the technique of having fake servers that resemble the real thing, so that a, you can detect an attack attempt, and b, attackers waste their time (or if you were being super cunning, come away with fake data that it suits you to have them believe is genuine).
